Audit Report

OIG-12-074
Report on the Bureau of the Public Debt Trust Funds Management Branch’s Description of its Trust Funds Management Processing Services and the Suitability of the Design and Operating Effectiveness of its Controls for the Period August 1, 2011 to July 31, 2012
September 19, 2012

Office of Inspector General
Department of the Treasury

DEPARTMENT OF THE TREASURY
WASHINGTON, D.C. 20220

OFFICE OF INSPECTOR GENERAL

September 19, 2012

MEMORANDUM FOR VAN ZECK, COMMISSIONER
BUREAU OF THE PUBLIC DEBT

FROM: Michael Fitzgerald
Director, Financial Audits

SUBJECT: Report on the Bureau of the Public Debt Trust Funds Management Branch’s Description of its Trust Funds Management Processing Services and the Suitability of the Design and Operating Effectiveness of its Controls for the Period August 1, 2011 to July 31, 2012

I am pleased to transmit the attached Report on the Bureau of the Public Debt (BPD) Trust Funds Management Branch’s Description of its Trust Funds Management Processing Services and the Suitability of the Design and Operating Effectiveness of its Controls for the period August 1, 2011 to July 31, 2012.
Under a contract monitored by the Office of Inspector General, KPMG LLP, an independent certified public accounting firm, performed an examination of the description of controls, the suitability of the design and the operating effectiveness of the general computer and trust funds management processing controls used for various Federal and State Government agencies’ (Program Entities) transactions for the period August 1, 2011 to July 31, 2012. The contract required that the examination be performed in accordance with generally accepted government auditing standards and the American Institute of Certified Public Accountants’ Statement on Standards for Attestation Engagements Number 16, Reporting on Controls at a Service Organization.

In its examination, KPMG LLP found in all material respects:

• the Description of Controls Provided by the BPD fairly presents the general computer and trust funds management processing controls that were designed and implemented throughout the period August 1, 2011 to July 31, 2012,
• that these controls were suitably designed to provide reasonable assurance that the control objectives would be achieved if the controls operated effectively throughout the period August 1, 2011 to July 31, 2012, and Program Entities applied the complementary Program Entity controls and sub-service organizations applied the controls contemplated in the design of BPD’s controls throughout the period August 1, 2011 to July 31, 2012, and
• that the controls tested, which together with the complementary Program Entity controls and sub-service
organizations’ controls, if operating effectively, were those necessary to provide reasonable assurance that the control objectives were achieved and operated effectively throughout the period August 1, 2011 to July 31, 2012.

In connection with the contract, we reviewed KPMG LLP’s report and related documentation and inquired of its representatives. Our review, as differentiated from an examination of the description of controls, the suitability of the design and the operating effectiveness of controls in accordance with generally accepted government auditing standards, was not intended to enable us to express, and we do not express, an opinion on BPD's description of controls, the suitability of the design of these controls and the operating effectiveness of controls tested. KPMG LLP is responsible for the attached independent service auditors’ report dated September 14, 2012, and the conclusions expressed in the report. However, our review disclosed no instances where KPMG LLP did not comply, in all material respects, with generally accepted government auditing standards.

Should you have any questions, please contact me at (202) 927-5789, or a member of your staff may contact Mark S. Levitt, Manager, Financial Audits at (202) 927-5076.

Attachment

U.S. Department of the Treasury
Bureau of the Public Debt

Trust Funds Management Branch
General Computer and Trust Funds Processing Controls

Report on Trust Funds Management Branch’s Description of Its Trust Funds Management Processing Services and the Suitability of the Design and Operating Effectiveness of Its Controls
For the Period August 1, 2011 to July 31, 2012

U.S. DEPARTMENT OF THE TREASURY
BUREAU OF THE PUBLIC DEBT
TRUST FUNDS MANAGEMENT BRANCH

REPORT ON TRUST FUNDS MANAGEMENT BRANCH DESCRIPTION OF ITS TRUST FUNDS MANAGEMENT SERVICES AND THE SUITABILITY OF THE DESIGN AND OPERATING EFFECTIVENESS OF ITS CONTROLS

Table of Contents

I. Independent Service Auditors’ Report Provided by KPMG LLP

II. Management’s Assertion

III. Description of Controls Provided by the Bureau of the Public Debt

    Overview of Operations

    Relevant Aspects of the Control Environment, Risk Assessment, and Monitoring

        Control Environment
        Risk Assessment
        Monitoring

    Information and Communication

    Control Objectives and Related Controls
        The Bureau of the Public Debt’s control objectives and related controls are included in Section IV of this report, “Control Objectives, Related Controls, and Tests of Operating Effectiveness.” Although the control objectives and related controls are included in Section IV, they are, nevertheless, an integral part of the Bureau of the Public Debt’s description of controls.

    Complementary Program Entity Controls

    Sub-service Organizations

IV. Control Objectives, Related Controls, and Tests of Operating Effectiveness

    General Computer Controls

        System Software
        Vendor Software
        Program Change Control
        Physical Access
        Logical Access
        Computer Operations
        Network Performance Monitoring

    Trust Funds Management Processing Controls

        Procedures
        Receipts Processing
        Investment Purchase Requests
        Investment Income
        Investment Redemption Requests
        Disbursement Processing
        Records Maintenance
        Reporting
        Unemployment Trust Funds Title XII of the Social Security Act Advances Program

V. Other Information Provided by Bureau of the Public Debt

    Contingency Planning

I. INDEPENDENT SERVICE AUDITORS’ REPORT PROVIDED BY KPMG LLP

KPMG LLP
1676 International Drive
McLean, VA 22102

Independent Service Auditors’ Report

Inspector General, U.S. Department of the Treasury
Commissioner, Bureau of the Public Debt and the
Assistant Commissioner, Office of Public Debt Accounting

Scope
We have examined the Bureau of the Public Debt (BPD) Trust Fund Management Branch’s (TFMB’s) description of its general computer and trust funds management processing controls used for processing Program Entities transactions throughout the period August 1, 2011 to July 31, 2012 (description) and the suitability of the design and operating effectiveness of controls to achieve the related control objectives stated in the description. The description indicates that certain control objectives specified in the description can be achieved only if complementary Program Entity controls and controls at the sub-service organizations contemplated in the design of BPD’s controls are suitably designed and operating effectively, along with related controls at the service organization. We have not evaluated the suitability of the design or the operating effectiveness of such complementary Program Entity controls or controls at the sub-service organizations.

BPD uses external service organizations (sub-service organizations). A list of these sub-service organizations is provided in Section III. The description in Sections III and IV includes only the control objectives and related controls of BPD and excludes the control objectives and related controls of the sub-service organizations.
Our examination did not extend to controls of sub-service organizations.

The information in Section V of management’s description of the service organization’s system, “Other Information Provided by Bureau of the Public Debt,” that describes contingency planning is presented by management of BPD to provide additional information and is not a part of BPD’s description of its system made available to Program Entities during the period August 1, 2011 to July 31, 2012. Information in Section V has not been subjected to the procedures applied in the examination of the description of the system and of the suitability of the design and operating effectiveness of controls to achieve the related control objectives stated in the description of the system, and, accordingly, we express no opinion on it.

Service organization’s responsibilities
In Section II, BPD has provided an assertion about the fairness of the presentation of the description, the suitability of the design and the operating effectiveness of the controls to achieve the related control objectives stated in the description. BPD is responsible for preparing the description and for the assertion, including the completeness, accuracy, and method of presentation of the description and the assertion, providing the services covered by the description, specifying the control objectives and stating them in the description, identifying the risks that threaten the achievement of the control objectives, selecting and using suitable criteria, and designing, implementing, and documenting controls to achieve the related control objectives stated in the description.

KPMG LLP is a Delaware limited liability partnership, the U.S.
member firm of KPMG International Cooperative (“KPMG International”), a Swiss entity.

Service auditors’ responsibilities
Our responsibility is to express an opinion on the fairness of the presentation of the description, the suitability of the design and the operating effectiveness of the controls to achieve the related control objectives stated in the description, based on our examination. We conducted our examination in accordance with attestation standards established by the American Institute of Certified Public Accountants and applicable Government Auditing Standards issued by the Comptroller General of the United States. Those standards require that we plan and perform our examination to obtain reasonable assurance about whether, in all material respects, the description is fairly presented, the controls were suitably designed and the controls were operating effectively to achieve the related control objectives stated in the description throughout the period August 1, 2011 to July 31, 2012.

An examination of a description of a service organization's system and the suitability of the design and operating effectiveness of the service organization's controls to achieve the related control objectives stated in the description involves performing procedures to obtain evidence about the fairness of the presentation of the description and the suitability of the design and the operating effectiveness of those controls to achieve the related control objectives stated in the description. Our procedures included assessing the risks that the description is not fairly presented and that the controls were not suitably designed or operating effectively to achieve the related control objectives stated in the description.
Our procedures also included testing the operating effectiveness of those controls that we consider necessary to provide reasonable assurance that the related control objectives stated in the description were achieved. An examination engagement of this type also includes evaluating the overall presentation of the description and the suitability of the control objectives stated therein, and the suitability of the criteria specified by the service organization and described in management’s assertion in Section II of this report. We believe that the evidence we obtained is sufficient and appropriate to provide a reasonable basis for our opinion.

Inherent limitations
Because of their nature, controls at a service organization may not prevent, or detect and correct, all errors or omissions in processing or reporting transactions. Also, the projection to the future of any evaluation of the fairness of the presentation of the description, or conclusions about the suitability of the design or operating effectiveness of the controls to achieve the related control objectives is subject to the risk that controls at a service organization may become inadequate or fail.

Opinion
In our opinion, in all material respects, based on the criteria described in BPD’s assertion (1) the description fairly presents the general computer and trust funds management processing controls that were designed and implemented throughout the period August 1, 2011 to July 31, 2012, (2) the controls related to the control objectives stated in the description were suitably designed to provide reasonable assurance that the control objectives would be achieved if the controls operated effectively throughout the period August 1, 2011 to July 31, 2012, and Program Entities applied the complementary Program Entity controls and sub-service organizations applied the controls contemplated in the design of BPD’s controls throughout the period August
1, 2011 to July 31, 2012, and (3) the controls tested, which together with the complementary Program Entity controls and sub-service organizations’ controls referred to in the scope paragraph of this report, if operating effectively, were those necessary to provide reasonable assurance that the control objectives stated in the description in Section IV were achieved, operated effectively throughout the period August 1, 2011 to July 31, 2012.

Description of tests of controls
The specific controls and the nature, timing, extent, and results of the tests are listed in Section IV.

Restricted use
This report, including the description of tests of controls and results thereof in Section IV, is intended solely for the information and use of the management of BPD, Program Entities of BPD’s system during some or all of the period August 1, 2011 to July 31, 2012, the U.S. Department of the Treasury Office of Inspector General, the Office of Management and Budget, the Government Accountability Office, the U.S. Congress, and the independent auditors of BPD’s Program Entities, who have a sufficient understanding to consider it, along with other information including information about controls implemented by Program Entities themselves, when assessing the risks of material misstatements of Program Entities’ financial statements. This report is not intended to be and should not be used by anyone other than these specified parties.

September 14, 2012
McLean, Virginia

II. MANAGEMENT’S ASSERTION

Department of the Treasury
Bureau of the Public Debt
Parkersburg, WV 26106-1328

September 14, 2012

KPMG LLP
1676 International Drive
McLean, VA 22102

Ladies and Gentlemen:

We have prepared the description of the Trust Fund Management Branch (TFMB) trust funds management processing controls used for processing transactions that use InvestOne accounting system which is a vendor supplied subsystem of the Government Agency Investment Services System (GAISS) for user entities of the system during some or all of the period of August 1, 2011 through July 31, 2012, and their user auditors who have a sufficient understanding to consider the description, along with other information, including information about controls operated by user entities of the system themselves, when assessing the risks of material misstatements of user entities’ financial statements. We confirm, to the best of our knowledge, and belief, that

a. TFMB uses a number of different sub-service organizations for certain transaction processing:

    Sub-Service Organization                 Description of Services
    Internal Revenue Service                 Provides excise taxes collected details
    Treasury - Office of Tax Analysis        Provides estimated tax receipt information
    Treasury Financial Management Service    Provides disbursement and receipt transactions and financial and budget reports
    Federal Reserve Bank of New York         Provides deposit and withdraw transactions
    Administrative Resource Center           Report trust fund transactions processed by InvestOne

   The description in Section III and IV includes only the controls and related control objectives of TFMB and excludes the control objectives and related controls of the services listed above from the respective service organizations. The criteria we used in making this assertion were that the accompanying description:

   i. Presents how the system made available to user entities of the system was designed and implemented to process relevant transactions, including:

      1. The types of services provided, including, as appropriate, the classes of transactions processed;
      2. The procedures, within both automated and manual systems, by which those transactions were initiated, authorized, recorded, processed, corrected as necessary, and transferred to the reports prepared for user entities;
      3. The related accounting records, supporting information, and specific accounts that were used to initiate, authorize, record, process, and report transactions; this includes the correction of incorrect information and how information was transferred to the reports prepared for user entities;
      4. How the systems captured and addressed significant events and conditions, other than transactions;
      5. The process used to prepare reports or other information for user entities;
      6. Specified control objectives and controls designed to achieve those objectives;
      7. Controls that we assumed, in the design of the system, would be implemented by user entities, and which, if necessary to achieve control objectives stated in the accompanying description, are identified in the description along with the specific control objectives that cannot be achieved solely by controls implemented by us; and
      8. Other aspects of our control environment, risk assessment process, information and communication systems (including the related business processes), control activities, and monitoring controls that are relevant to processing and reporting transactions of user entities transactions.

   ii. Does not omit or distort information relevant to the scope of TFMB and InvestOne, while acknowledging that the description is prepared to meet the common needs of a broad range of trust fund customers and independent auditors of those entities and may not; therefore, include every aspect that each user entity and its auditor may consider important in its own environment.

b. The description includes relevant details of changes to the InvestOne during the period covered by the descriptions.

c. The controls related to the control objectives stated in the description were suitably designed and operated throughout the period of August 1, 2011 through July 31, 2012 to achieve those control objectives. The criteria we used in making this assertion were that:

   i. The risks that threatened achievement of control objectives stated in the description were identified;

   ii. The identified controls would, if operating as described, provide reasonable assurance that those risks did not prevent the stated control objectives from being achieved; and

   iii. The controls were consistently applied as designed, including whether manual controls were applied by individuals who have the appropriate competence and authority.

Very truly yours,

Susan L. Chapman, Director
Division of Federal Investments

III. DESCRIPTION OF CONTROLS PROVIDED BY THE BUREAU OF THE PUBLIC DEBT

OVERVIEW OF OPERATIONS

Treasury Directive 27-02, Organization and Functions of the Fiscal Services, dated May 23, 1997, established the Bureau of the Public Debt’s (BPD) responsibility to invest, approve schedules for withdrawals, and maintain accounts for the Federal Trust and Deposit Programs as directed by statute, and certify interest rates determined by the Secretary of the Treasury.

BPD has assigned these responsibilities to the Division of Federal Investments (DFI), with the exception of interest certification, which is assigned to the Debt Accounting Branch. DFI manages two functional areas: Trust Funds Management Branch (TFMB) and Federal Investments Branch (FIB). TFMB is the service organization responsible for processing certain receipt, investment, investment servicing, disbursement, and redemption transactions for nineteen trust funds. In addition, TFMB reports the results of the transactions processed to the Financial Management Service (FMS) and the Program Agencies and States (Program Entities) whose programs are funded by the trust funds. TFMB employs ten personnel and reports on nearly $3.1 trillion of trust fund assets. TFMB more specifically:

• Analyzes provisions and limitations of public laws relating to authorized trust fund transactions
• Processes receipt, investment, investment income, and disbursement activity
• Establishes and controls the record keeping of the trust fund activity processed by BPD
• Provides monthly reports to Program Entities reflecting trust fund activities and balances

Transaction support is maintained in paper or electronic format.
The supporting documentation is maintained in work folders that include at least the following key documents:

• Transaction supporting documentation:
    - Receipt notification documents, such as Office of Tax Analysis (OTA) tax estimate/adjustment letters, Internal Revenue Service (IRS) tax refund/credit letters, Program Entity receipt letters/reports, Deposit Summary Form (SF-215), and CA$HLINKII reports.
    - Intra-Governmental Payment And Collection (IPAC) transaction reports
    - Classification Transaction and Accountability (CTA)/SF-224 worksheet generated from the InvestOne accounting system
    - FMS-issued warrants (SF-1017)
    - Investment and Redemption Requests
    - Investment and Redemption Confirmations
    - Disbursement request letters from Program Entities
    - Non-Expenditure Transfer Authorization (SF-1151)
    - Automated Standard Application for Payments (ASAP) System Transaction by Account ID reports (Unemployment Trust Fund (UTF) Only)
    - Automated Standard Application for Payments (ASAP) disbursement and transfer request files and reports (UTF Only)
    - InvestOne accounting system pending transactions report (UTF Only)
• Cash forecasting report
• Daily Transaction Support Package (DTSP)
• Monthly financial review checklist
• Transaction Reporting System (TRS)/Central Accounting and Reporting System (CARS) Account Statement
• FIB-generated Monthly Statement of
  Account
• Monthly Financial Reconciliation
• Financial Statement Package:
    - Trial Balance reports
    - Balance Sheet
    - Income Statements
    - FACTS II Trial Balance
    - FACTS II Adjusted Trial Balance Report
    - Schedules of Assets and Liabilities, Schedules of Activity, Schedules of Misstatements (Attest Schedules) – Attest Funds only
    - InvestOne accounting system to Oracle trial balance report reconciliations
    - General ledger account reconciliations
    - Budgetary to proprietary Account Reconciliations
• UTF Internet Account Statements (UTF only)
• Federal Unemployment Account (FUA) Pending Report (UTF only)
• ASAP transaction report (UTF only)
• UTF InvestOne accounting system Borrowing Reports (UTF only)
• FMS-2108 Year-End Closing Statement

TFMB processes receipt transactions based on warrants provided by FMS or amounts received from Program Entities and other organizations using the IPAC or CA$HLINKII systems. The OTA and IRS are responsible for determining the amount of tax receipts. The Program Entities and other organizations are responsible for determining the amount of the non-tax receipts.

TFMB invests the receipts in U.S. Department of the Treasury (Treasury) securities. TFMB summarizes the daily receipts, prepares an Investment Request, and enters the request into FedInvest, which purchases the requested security and posts an Investment Confirmation on the FedInvest website.
TFMB primarily purchases non-marketable Treasury securities that are held
in the name of the Secretary of the Treasury for the trust funds, such as:

    Non-marketable, market-based securities
    • Bills
    • Bonds
    • Notes
    • One-day securities

    Non-marketable, par value securities
    • Special issue bonds
    • Certificates of indebtedness

The interest on securities held for the trust funds is credited to the trust funds in accordance with
legislation. FIB assigns interest rates for the securities issued to the trust funds. The interest rate
for a non-marketable par value security is based on specific legislation or the average monthly
rate of all outstanding Treasury debt instruments. The interest rate for a non-marketable
market-based security is based on the daily rate established by the Office of Debt Management
within the Treasury for an equivalent marketable security.

FIB issues non-marketable market-based bills, bonds, and notes at a discount or premium. TFMB
amortizes the discounts for bills (i.e., short-term securities) using the straight-line method and the
discounts and premiums for bonds and notes (i.e., long-term securities) using the level yield
method, which approximates the effective interest method.

Interest income is a receipt to the trust fund and is either used to meet Program Entity
disbursement requests or is reinvested according to the trust funds’ investment policy. The trust
fund managers record interest income as either received or accrued each month.
Also, if a gain or
loss is sustained when a security is redeemed prior to maturity to meet the cash needs of a
Program Entity, the related gain or loss is recorded.

The Program Entities that are authorized to use trust fund assets as program resources request
disbursements from TFMB. TFMB prepares an Investment/Redemption Request form and enters
the request into FedInvest, which redeems the requested amount of securities and posts a
Redemption Confirmation on the FedInvest website. TFMB enters a non-expenditure transfer
authorization into FMS's TRS/CARS System to transfer the requested funds to the Program
Entities. The Program Entities have responsibility for the ultimate disposition of the trust fund
assets.

The receipt, investment, investment income, and disbursement activity provide the basis for
reporting financial information to the Program Entities that use the trust fund resources, as well as
other interested parties such as the Office of Management and Budget (OMB) and Treasury
offices.
TFMB provides monthly financial reports including the activity and balances to the
Program Entities.

The in-scope BPD functions are shaded in the following organizational chart.

                     ORGANIZATIONAL CHART

                                     (BPD)
                            Bureau of the Public Debt

    (ARC)                              (OIT)                                 (OPDA)
Administrative           Office of Information Technology                 Office of Public
Resource Center            IT support for Application Security,           Debt Accounting
                           Application Processing, and Network
                                         Support

                 (DSPS)                                                   (DFI)
         Division of Systems and                                   Division of Federal
            Program Support                                           Investments

      (PSB)               (SSB)                      (TFMB)                      (FIB)
    Program              Systems                    Trust Funds                 Federal
    Support           Support Branch                Management                Investments
     Branch                                           Branch                    Branch
                                                    Federal Trust Fund             Process
                                                      Management            Investment/Redemption
                                                                               Requests for Fund
                                                                            Agencies on InvestOne
                                                                              Accounting System

RELEVANT ASPECTS OF THE CONTROL ENVIRONMENT, RISK
ASSESSMENT, AND MONITORING

Control Environment

Operations are primarily under the direction of the Office of the Director of the Division of
Federal Investment (DFI) and the Director of the Division of Systems and Programs Support
(DSPS), which represent the functional areas listed below:

    •   Administrative development. Coordinates various aspects of the operations.
        Identifies areas requiring internal controls and implements those controls.
        Performs systems planning, development, and implementation. Reviews network
        operations and telecommunications and performs disaster-recovery planning and
        database administration.

    •   Program support. Supports Program Entities in all aspects of their use of the
        application system including research and resolution of identified problems.

    •   Operations. Manages daily computer operations, production processing, report
        production and distribution, and system utilization and capacity.

DFI and DSPS hold bi-weekly management meetings to discuss special processing requests,
operational performance, and the development and maintenance of projects in process. Written
position descriptions for employees are maintained. The descriptions are inspected annually and
revised as necessary.

References are sought and background, credit, and security checks are conducted for all BPD
personnel when they are hired. Additional background, credit, and security checks are performed
every three to five years.
The confidentiality of Program Entity information is stressed during the
new employee orientation program and is emphasized in the personnel manual issued to each
employee. BPD provides a mandatory orientation program to all full-time employees and
encourages employees to attend other formal outside training.

All BPD employees receive an annual written performance evaluation and salary review. These
reviews are based on goals and objectives that are established and reviewed during meetings
between the employee and the employee’s supervisor. Completed appraisals are reviewed by
senior management and become a permanent part of the employee’s personnel file.

Risk Assessment

BPD has placed into operation a risk assessment process to identify and manage risks that could
affect TFMB’s ability to provide reliable transaction processing for Program Entities. This
process requires management to identify significant risks in their areas of responsibility and to
implement appropriate measures and controls to manage these risks.

Additionally, all mission-critical systems and general support systems are subject to an internal
risk-based review every three years. This review identifies assets and possible threats to these
assets, provides a measure of vulnerability of the system to these threats, and confirms control or
protective measures are in place.

Monitoring

BPD management and supervisory personnel monitor the quality of internal control performance
as a normal part of their activities. Management and supervisory personnel inquire and ensure the
trust fund managers process transactions and perform internal controls.
In addition, management
reviews financial reports that summarize the trust fund transaction processing. One key control is
that each month the trust fund managers reconcile the trial balance reports from the InvestOne
accounting system to the CARS Account Statement. In addition, TFMB prepares and reconciles
the Federal Agencies Centralized Trial-Balance System (FACTS II) submission reports to the
trial balance reports each quarter.

INFORMATION AND COMMUNICATION

Information Systems

InvestOne Accounting System Description

The InvestOne accounting system is a vendor-supplied subsystem of the Government Agency
Investment Services System (GAISS). The InvestOne accounting system is used to record and
report trust fund activity processed by TFMB. The InvestOne accounting system is licensed by
SunGard Investment Systems, Inc. The InvestOne accounting system resides on BPD’s
mainframe. The Office of Information Technology (OIT) provides the primary support for
maintaining the InvestOne accounting system. This includes mainframe operations (batch
processing and reporting), custom report writing, application change management, data
management, tape backup and recovery, user access security, remote access and continuity
management. The InvestOne accounting system is accessed through the network using a terminal
emulator that enables communication with OIT mainframe applications. The InvestOne
accounting system also provides a report writer package called Spectra that provides users with
the ability to create their own reports.
BPD uses Spectra to create reports, which provide
functionality not included in the standard InvestOne accounting system reports.

The trust fund managers receive supporting documentation on a daily basis for recording trust
fund activity. The trust fund managers record the activity as the supporting documentation is
received into the InvestOne accounting system. This process provides the trust fund managers
with information on daily cash balances that helps them ensure that the activity was processed
and invested correctly. The InvestOne accounting system provides monthly trial balance reports
and financial reports.

FedInvest Description

FedInvest, also a subsystem of GAISS, is a vendor-developed, web-based extension to the
InvestOne accounting system that provides access to the federal investments information through
the Internet. FedInvest allows federal investment fund managers to assume direct responsibility
for managing their respective accounts. Using FedInvest, federal agencies are able to input
transactions into the InvestOne accounting system, as well as view account statements and
transaction information over the Internet. Additionally, FedInvest provides an interface to the
InvestOne accounting system for internal fund managers in BPD’s DFI. FedInvest includes edits
that serve to enforce federal investment program policies resulting in improved data quality in the
InvestOne accounting system.

FedInvest also includes two extensions that are available only to BPD internal users. The
Customer Role Management (CRM) module is used by DSPS Information System Security
Representatives (ISSRs) to manage FedInvest users and their access to associated investment
account information. CRM is used by FIB accountants to manage security type and account
information.
CRM is also used to create and post broadcast messages (announcements) that are
seen by users signed onto the system, and establish email communication to all system users and
their agency Chief Financial Officers. The Rate Price Administration (RPA) module is used by
FIB accountants to load rates/prices, publish rates/prices on the Treasury Direct website, apply
prices to pending market-based transactions, post pending par value redemption transactions, and
update FedInvest with the Consumer Price Index (CPI) for processing TIPS transactions.

Oracle Federal Financials (Oracle) Description

Administrative Resource Center (ARC) has outsourced the hosting of Oracle Federal Financials
to Oracle Corporation’s Oracle on Demand service. As the hosting company for ARC, Oracle on
Demand staff serve as the database and system administrator and provide backup and recovery
services. The Oracle system physically resides in a caged federal environment within Oracle on
Demand’s Austin Data Center and is only accessible via a Virtual Private Network (VPN)
between BPD and Oracle on Demand.

Oracle on Demand operates Oracle version 11i, Oracle 10g database in a Linux operating system
environment. Oracle uses a two-tier web-based infrastructure with a front-end Internet user
interface and a database residing on the secure network. Oracle accesses the database IP to IP on
a specified port that was defined in the Access Control List. Internet access is via a 128-bit
Secure Sockets Layer (SSL) encrypted connection.
Oracle is compliant with Section 508 of the
Rehabilitation Act Amendment for 1998 for Americans with Disabilities (ADA).

TFMB uses Oracle to report trust fund transactions processed through the InvestOne accounting
system (for all trust funds except the Unemployment Trust Fund). TFMB also uses a report
writer package called Discoverer that provides users with the ability to create their own ad hoc
reports for query purposes.

Communication

BPD has implemented various methods of communication to ensure that all employees
understand their individual roles and responsibilities over transaction processing and controls.
These methods include orientation and training programs for newly hired employees, and use of
electronic mail messages to communicate time-sensitive messages and information. Managers
also hold periodic staff meetings as appropriate. Every employee has a written position
description that includes the responsibility to communicate significant issues and exceptions to an
appropriate higher level within the organization in a timely manner.

COMPLEMENTARY PROGRAM ENTITY CONTROLS

BPD’s processing of transactions and the controls over the processing were designed with the
assumption that certain controls would be placed in operation by Program Entities. The
application of specific controls at customer organizations is necessary to achieve all control
objectives included in this report.

This section describes some of the controls that should be in operation at Program Entities to
complement the controls at BPD.
Program Entity auditors should determine whether Program
Entities have established controls to provide reasonable assurance that:

•   Ensure that access to the FedInvest system is restricted to properly authorized individuals.

•   Verify that only authorized receipts are deposited into the trust funds.

•   Determine and approve receipt amounts.

•   Provide receipt information to TFMB within the required time frames.

•   Review the monthly financial reports provided by TFMB to ensure that receipts are posted
    accurately.

•   Verify that the type and term of the investments purchased are appropriate in relation to
    expected cash flow needs.

•   Verify that the type and term of the investments purchased and related investment income are
    appropriate in relation to expected cash flow needs.

•   Verify that only authorized disbursement requests are used for withdrawals from the trust
    funds.

•   Determine and approve the disbursement requests.

•   Provide disbursement requests to TFMB within the required time frame.

•   Ensure that the systems they use to support on-line access to the Automated Standard
    Application for Payments System (ASAP) are approved, tested, and properly monitored.
    (Unemployment Trust Funds (UTF) only)

•   Restrict access to the ASAP to authorized individuals. (UTF only)

•   Verify that disbursement requests are accurately entered into the ASAP system.
    (UTF only)

•   Review the monthly trust fund financial reports provided by TFMB to ensure that
    disbursements are posted accurately.

•   Reconcile fund balance with Treasury from their records to FMS records to ensure that they
    receive the proper trust fund disbursements.

•   Reconcile disbursement records to their bank’s records to ensure that they receive the proper
    trust fund disbursements. (UTF only)

•   Review the monthly trust fund financial reports to ensure that transactions are recorded
    accurately.

•   Review their UTF account statements, transaction statements, and Federal activity reports to
    ensure that transactions are recorded accurately.

•   Verify that transactions are recorded accurately into Federal Agencies’ Centralized Trial
    Balance System (FACTS II).

•   Verify that borrowing requests are accurately entered into the ASAP system (UTF only).

•   Verify that borrowing amounts are not in excess of the amount approved by the U.S.
    Department of Labor.

•   Review the reports provided by TFMB to ensure that borrowing, interest, and repayment
    transactions are recorded accurately.

Specific complementary Program Entity controls are provided for Control Objectives 5, 9, 10, 11,
13, 15, and 16 in the Control Objectives, Related Controls, and Tests of Operating Effectiveness
section of this report.

SUB-SERVICE ORGANIZATIONS

In order to provide trust funds
management processing services, TFMB relies on systems and
services provided by other organizations external to BPD (sub-service organizations). The
following table describes the types of the sub-service organizations used by FIB. These
sub-service organizations were not subject to examination by KPMG LLP.

Name of Sub-service  Name of system      Function/Responsibilities
Organization

Internal Revenue     N/A                 At the end of each calendar quarter the IRS certifies
Service (IRS)                            the excise taxes actually collected and sends the
                                         certification to FMS. The IRS generally certifies
                                         excise taxes two quarters after the taxes are estimated
                                         (i.e., 1st quarter estimate is certified in the 3rd quarter).
                                         The IRS determines the amount of excise tax
                                         refunds/credits and sends the adjustment to TFMB to
                                         be processed.

Treasury - Office    N/A                 Treasury’s OTA estimates the monthly excise taxes
of Tax Analysis                          based on projected excise tax receipts and sends the
(OTA)                                    estimate to FMS.
                                         Treasury’s OTA estimates the monthly taxes,
                                         determines the amounts to be transferred to the
                                         appropriate trust funds, and sends the estimate to FMS.

Treasury             N/A                 FMS issues a warrant (SF-1017) to increase the
Financial                                respective trust fund’s account, with each warrant
Management                               containing exactly half of the OTA estimated monthly
Service (FMS)                            excise taxes. FMS sends the warrant and excise tax
                                         estimate to TFMB.
                                         FMS calculates the excise tax adjustment as the
                                         difference between the excise taxes estimated by OTA
                                         and excise taxes certified by the IRS. FMS issues
                                         TFMB a warrant for the excise tax adjustment to
                                         increase or decrease the respective trust fund’s
                                         account.
                                         FMS sends TFMB the daily Federal Insurance
                                         Contribution Act (FICA) and Self-Employment
                                         Contribution Act (SECA) tax deposit information.
                                         TFMB allocates the deposits to the appropriate trust
                                         funds based on the monthly OTA estimates and
                                         provides the investment amounts to FMS. FMS
                                         confirms the investment totals back to TFMB and
                                         prepares the tax warrant.

                     Government On-      The Program Entities generate a file in the IPAC
                     line Accounting     System to allocate the funds to the proper trust funds.
                     System (GOALS)      TFMB receives the IPAC transaction report from the
                                         FMS GOALS system.

                     Intragovernmental   TFMB receives the daily receipt reports from the
                     Payment and         Program Entities and the IPAC transaction report from
                     Collection (IPAC)   the FMS GOALS system.
                     System              Federal agencies make payments to the Department of
                                         Labor using the IPAC System. The Department of
                                         Labor receives IPAC transactions, maintains the
                                         Federal Employees Compensation Act accounts
                                         receivable, and deposits collections in the UTF via
                                         SF-224.
                                         For each redemption transaction, the trust fund
                                         manager obtains the related IPAC report from the
                                         IPAC system.

                     CA$HLINKII          The Budget Reports Division of FMS prepares
                                         warrants based on collections reported to FMS through
                                         CA$HLINKII. The warrants are forwarded to TFMB.

                     Central             TFMB uses the automated CARS system, maintained
                     Accounting and      by FMS, to process transfers.
                     Reporting System    FMS configured the CARS system to authorize TFMB
                     (CARS)              to transfer funds from the trust fund accounts to
                                         Program Entities’ accounts but not to transfer funds
                                         from Program Entities’ accounts to the trust fund
                                         accounts.
                                         FMS authorizes the CARS system to send the
                                         disbursement request to the STAR system using an
                                         automated interface. The CARS system changes the
                                         status of the transfer request to “STAR POSTED” on
                                         the CARS system.

                     FACTS II            TFMB reports trust fund budget execution data in
                                         FACTS II.

                     Central             For disbursement processing, the STAR system
                     Accounting          transfers the funds from the trust fund account to the
                     System (STAR)       Program Entity account.
                                         TFMB submits, via GOALS, a SF-224 Statement of
                                         Transaction report (SF-224), which posts to STAR,
                                         and the appropriate Trust Fund accounts are adjusted
                                         for the refunds/credits.

                     Automated           Program Entities must submit all disbursement
                     Standard            requests using the ASAP system. Each day, Program
                     Application for     Entities must enter their disbursement requests into the
                     Payments (ASAP)     ASAP system by 6:00 pm EST if requesting a wire
                     System              transfer and by 11:59 pm EST if requesting an
                                         Automated Clearing House payment.
                                         During the morning of the next business day, the
                                         ASAP system transmits a file to the InvestOne
                                         accounting system that contains all of the disbursement
                                         and transfer requests.

Federal Reserve      N/A                 The Federal Reserve Bank of New York accesses
Bank of New                              CA$HLINKII, a Treasury on-line system in which
York                                     deposit and withdrawal information is maintained at
                                         the detail and summary level, and uploads the deposit
                                         information into the Unemployment Trust Fund
                                         activity location code.

Administrative       Oracle              Oracle is used to report trust fund transactions
Resource Center                          processed through the InvestOne accounting system
                                         (for all trust funds except the Unemployment Trust
                                         Fund).

Federal              N/A                 FIB processes and confirms investment/redemption
Investments                              transactions and balances.
Branch (FIB)

IV.   CONTROL OBJECTIVES, RELATED CONTROLS, AND
      TESTS OF OPERATING EFFECTIVENESS

GENERAL COMPUTER CONTROLS

Control Objective 1 – System Software

Controls provide reasonable assurance that changes to system software are authorized, tested,
approved, properly implemented, and documented.

Description of Controls

The Bureau of the Public Debt (BPD) has documented procedures for the authorization, testing,
approval, implementation, and documentation of system software changes.

The InvestOne accounting system operates within a mainframe environment [1]. The FedInvest
system is operated within a client-server environment [2], [3]. Mainframe and client-server system
software products are under vendor control for maintenance and support. Upgrades to these
products are obtained from the vendors and installed by the Office of Information Technology
(OIT) specialists.

For system software changes, BPD uses the iET product for change management. All system
software changes (i.e., new product installations, maintenance upgrades, etc.) require a change
record to be opened in iET. A change record can be opened by any specialist in OIT’s division
responsible for effecting such changes or the change control coordinator. The iET change record
includes a description of the change, implementation date of the change, a justification, and a
back-up/back-out plan.

Changes are initially discussed at the weekly change control meetings. Attendees include OIT
representatives impacted by the proposed change. Notification is sent to the assistant
commissioner, division directors, branch managers and/or staff personnel. Following the
meeting, the change control coordinator prepares and distributes the Weekly Change Control
Memorandum with information on changes for the upcoming week.
This memorandum describes
the system changes, effective dates, reasons for changes or problems the changes will resolve.
There is also a reference to the iET change control number.

[1] Which consists of the following system software products:
    •   z/OS Operating System
    •   Customer Information Control System (CICS)
    •   ACF2 Security
    •   Tape Management System (TMS)
    •   Control M and D (Production and Print scheduling)
    •   ETF/A (Emergency Change Control)
    •   MQSeries
    •   DB2
[2] The FedInvest system is composed of the following system software components:
    •   Spring
    •   Hibernate
    •   Java Server Faces
    •   JAVA
    •   Windows Server 2003
    •   Sybase
    •   WebSphere Application Server
[3] Reliant Services:
    •   LDAP access to Enterprise Directory Services
    •   SMTP access to Domino messaging service

Before system software changes can be moved to production, they are tested in accordance with
the BPD’s system software change control procedures. These procedures document the
authorization, testing, approval, implementation, and documentation requirements for system
software changes. Changes progress through various environments, which differ according to the
type of system infrastructure. For the mainframe, there are three separate environments: test,
acceptance, and production. Each environment is a logical environment with its own datasets
and libraries.
Mainframe changes are first tested by a programmer in the test environment, then moved to acceptance and tested, and then moved to the production environment following approval. For changes to distributed software, changes are promoted up through integration, acceptance, and production regions with controls similar to those described above.

All changes are reviewed and coordinated at the weekly change control meeting, and approved by the change control coordinator prior to being moved into the production environment.

All emergency changes follow the same process as indicated above, with the exception that changes move through the environments at an accelerated rate. Testing and approval of these changes are documented in iET.

BPD has established a process that allows system programmers and database administrators to have temporary access to the Production mainframe environment through the use of a “fire-call” ID product that allows them elevated privileges for system software and application changes. The operating system is configured to monitor and log such activity for review and approval by management; management reviews these logs within a reasonable timeframe after the use of “fire-call”.

OIT reviews the use of sensitive system utilities included in the protected programs group on a weekly basis and limits access to these programs based on job responsibility.

Tests of Operating Effectiveness and Results of Testing

1. Inspected written procedures for system software configuration management and determined that procedures were documented, including procedures to document, test, authorize, and approve system software changes, and properly implement changes into production.

2. Inspected the emergency system software change procedures and determined that procedures for implementing emergency system software changes were documented, including approval by management.

3. Inspected vendor maintenance support contracts for system software and determined that the contracts existed and were current.

4. For a selection of system software change records, inspected iET tickets and determined that iET was used throughout the examination period to log, track, and monitor system software changes.

5. For a selection of dates, inspected Weekly Change Control Memorandums and determined that weekly change control meetings were held to discuss planned changes with the potential to impact the InvestOne accounting system or FedInvest application system software.

6. For a selection of system software changes and emergency system software changes, inspected supporting documentation and determined that the changes were tested, authorized, and approved prior to implementation.

7. Inspected a list of users with access to use fire-call and determined that the list was commensurate with job responsibilities.

8. For a selection of days, inspected fire-call logs and evidence of review, and determined that fire-call logs were reviewed by OIT management.

9. For a selection of weeks, inspected evidence of OIT’s review of reports for sensitive system utilities in the protected programs group and determined that the reports were reviewed.

No exceptions noted.

Control Objective 2 – Vendor Software

Controls provide reasonable assurance that implemented new releases of vendor-supplied applications are authorized, tested, approved, properly implemented, and documented.

Description of Controls

BPD has documented procedures for the testing and authorization of new releases of vendor supplied applications.
The change control process is under the control and direction of the Office of Public Debt Accounting (OPDA).

The InvestOne accounting system is licensed by SunGard Investment Systems, Inc. (SunGard). BPD has a maintenance and support contract for the InvestOne accounting system with SunGard. OIT is responsible for all maintenance and support of the FedInvest system.

SunGard periodically provides new releases of the InvestOne accounting system, including documentation. Each new release requires comprehensive testing. The Division of Systems and Program Support (DSPS) tests the new InvestOne accounting system releases developed by SunGard consistent with change control procedures for OPDA systems. New InvestOne accounting system releases are installed in the Test environment where they are initially tested. After successful completion of testing, OIT migrates the InvestOne accounting system new release to the Acceptance environment, where it is subjected to acceptance testing by users. OIT only installs an InvestOne accounting system new release in the Production environment after all testing has been successfully completed and management has approved the InvestOne accounting system new release for implementation in the Production environment. BPD loaded InvestOne version 9.1 in December 2010.

In addition to new releases, SunGard will periodically provide fix tapes for the InvestOne accounting system. Fix tapes, which address certain InvestOne accounting system issues, are narrower in scope than new releases. Based on what changes a particular fix tape includes, BPD management will decide whether or not to implement the fix tape.
If BPD management decides to implement the fix tape, the fix tape is migrated through the Test and Acceptance environments. Fix tapes are installed in the Production environment only after successful completion of testing in the Test and Acceptance environments and management approval for migration into the Production environment.

DSPS also tests changes to the InvestOne accounting system application reports, developed by SunGard Investment Systems, Inc., using the same change control procedures described above.

In addition, BPD uses the version control software to manage the upgrades and enhancements. Changes are only migrated into the production environment once all responsible parties approve the change in the version control software. Access to migrate changes via the version control software is limited based on job responsibility.

Tests of Operating Effectiveness and Results of Testing

1. Inspected procedures for the implementation of new releases of vendor supplied applications, and determined that they were documented and included requirements for authorization, testing, documentation, and approval.

2. Inspected vendor maintenance support contracts for the InvestOne accounting system software and determined that the contracts existed and were current.

3. For new InvestOne releases, inspected supporting documentation and determined that the enhancements were tested, approved, properly implemented and documented.

4. There were no fix tapes implemented during the examination period. We inquired of management regarding the fix tape implementation process and inspected the listing of vendor software changes and enhancements and determined that there were no fix tapes recorded.

5. Inspected version control software access permissions and determined that access permissions to migrate changes to the production environment were restricted commensurate with job responsibilities.

No exceptions noted.

Control Objective 3 – Program Change Control

Controls provide reasonable assurance that development of new applications and changes to existing applications are authorized, tested, approved, properly implemented, and documented.

Description of Controls

BPD has documented procedures for the authorization, testing, approval, implementation, and documentation of application software changes. The application change control process is under the control and direction of OPDA.

SunGard has custom-built additional application components for data entry and reporting. Included is the FedInvest application, which functions as a web-based user interface that Program Entities can use for entering transactions into the InvestOne accounting system. For reporting, BPD has built internally-developed programs utilizing RM (desktop) COBOL and mainframe COBOL that generate customized reports to provide information unavailable in the standard InvestOne accounting system reporting package.

For RM COBOL, OIT uses version control software⁴ to control access to source code for these internally-developed programs and to facilitate version control by requiring developers to check source code in and out using version control software. These programs read the data from the InvestOne accounting system and create reports. Specifically, data is downloaded from the InvestOne accounting system, using standard processes, to a data file on the mainframe, then via FTP to the servers where the programs execute. Data is not sent from these programs to the InvestOne accounting system. The reports are used by the trust fund managers, sent to Fund Agencies, or sent to U.S. Department of Treasury’s Financial Management Service, the Office of Debt Management and Office of Fiscal Projection. The Congressional Budget Office also receives reports generated from the InvestOne accounting system.

For mainframe COBOL, OIT uses version control software⁵ to control access to source code for these internally-developed programs and to facilitate version control. These programs were developed by OIT and reside on the mainframe, where these programs execute.

For FedInvest and customized reports, OIT uses version control software⁶ to control access to source code for the vendor supplied and BPD managed programs to facilitate version control. Changes to FedInvest were developed by SunGard between August 1, 2008 and September 30, 2008 and by OIT between October 1, 2008 and July 31, 2009.

DSPS provides support for the design and testing of the above changes. DSPS creates the requirements documentation, which is then provided to OIT (or SunGard) for development. DSPS manages the request, documentation, testing, and approval process using a Change Control Checklist and iET.

Changes using version control software progress through four separate environments: Test, Integration, Acceptance, and Production. A change is first tested by the programmer in the Test or Integration environment. It is then migrated to the Acceptance environment where a user tests the change using example transactions and Acceptance environment files and libraries.

Each change is reviewed by the user groups that are affected by the change, and each group provides user concurrence that they accept the change. Following user concurrence, a senior staff member reviews the testing materials and completes the Change Control Checklist indicating that testing has been completed.
The package is provided to the DSPS Branch Manager for final review and approval.

⁴ Microsoft Visual Source Safe
⁵ Endevor
⁶ ClearCase

Once the DSPS Branch Manager approves the change, DSPS sends a Network Services Request to OIT to move the change into the Production environment. Upon notification of an accepted change, OIT creates an update package in version control software. Only approved changes are installed in the Production environment.

For mainframe COBOL, the version control software is an application through which users approve changes. This version control software is also used to move changed program files into the Production environment. This version control software will not allow changes to be migrated from the Acceptance environment into production until the changes have been approved. Access to migrate changes to Production via the version control software is limited based on job responsibility.

Tests of Operating Effectiveness and Results of Testing

1. Inspected application software change procedures and determined that they were documented and included requirements for authorization, testing, documentation, and approval.

2. Inspected the access permissions and inquired of OIT management and determined that access to source code for internally-developed programs was commensurate with job responsibilities.

3. Inspected the access control lists for FedInvest and customized reports version control software and determined that access to the source code for FedInvest was commensurate with job responsibilities.

4. Inspected a selection of change records in iET and determined that iET was used throughout the examination period to log, track, and monitor application software changes.

5. For a selection of application software changes, inspected supporting documentation and determined that the changes were tested and approved.

6. Inspected version control software access permissions and determined that access permissions to migrate changes to the production environment were restricted commensurate with job responsibilities for mainframe COBOL and FedInvest.

No exceptions noted.

Control Objective 4 – Physical Access

Controls provide reasonable assurance that physical access to computer equipment and storage media is restricted to authorized individuals.

Description of Controls

BPD has documented policies and procedures for controlling physical access to BPD buildings and to the data center. These include:
    • Identification of sensitive/critical areas to which access needs to be restricted.
    • Physical access controls designed to detect unauthorized access.
    • Procedures for log reviews and investigation of violations.

The InvestOne accounting system mainframe and FedInvest servers reside in OIT’s data center. Various physical access controls protect the facilities.⁷

The Security Branch issues employee badges, after performing security background checks and fingerprinting.

Employees are required to have badges available at all times upon request.

Terminated employees are required to surrender identification badges and are removed from the database security system immediately.

Physical access to the OIT Data Center is restricted to authorized users only. An employee needing access to the data center must have his/her Branch Manager request access. The requests are made through iET, a workflow system that is used to approve data center access.
After the Branch Manager completes and submits the iET request form, requests are forwarded to OIT's data center managers for approval in the iET. If OIT approves the request, the BPD Division of Security and Emergency Preparedness (DSEP) Security Branch grants access. Access to all sensitive areas requires use of a badge. The use of a badge provides an audit trail that is reviewed by OIT management monthly for potential access violations. Any unauthorized access attempts are followed up by contacting the individual’s supervisor. Individuals without badge access to the data center must be escorted to the command center and are required to sign in/out of a Visitor log to be issued a data center visitor badge. Visitor badges do not have access to the data center, but rather designate the individual as a visitor. A visitor log is maintained at the main entrance to the data center.⁸

OIT performs a monthly review of individuals’ access patterns of the data center for the previous month. OIT performs a semiannual reconciliation of individuals authorized data center access to individuals granted data center access by DSEP. Additionally, OIT performs an annual review and recertification of individuals with access to the data center. If an individual is found to have unauthorized data center access, OIT will, based on the individual’s need for access, make a decision whether to request that DSEP remove their data center access or whether to provide authorization for their access.

⁷ Armed security guards man and monitor BPD facilities 24 hours a day, 7 days a week. A digital video camera system monitors all entrances, the building perimeter, and certain interior areas, including the data center, and records activity 24 hours a day. All people entering each building are required to place any materials, packages, bundles, etc. onto an x-ray machine.
Entrants are also required to pass through a walkthrough metal detector. An activation of the walkthrough metal detector results in further screening by the security guard, utilizing a handheld metal detector to identify the source of activation. In addition, entrants must swipe their badges into an access control system that grants access to authorized personnel.

⁸ Only designated DSEP specialists have access to PACS. Vendors that are authorized to have a badge are issued a One-Day badge and must leave their access badge onsite following completion of work in the data center. A log of One-Day badges is maintained and reviewed weekly.

Tests of Operating Effectiveness and Results of Testing

1. Inspected physical access policies and procedures for the data center and determined that they were documented and included the identification of sensitive/critical areas to which access needs to be restricted, physical access controls designed to detect unauthorized access, and procedures for log reviews and investigation of violations.

2. Observed physical access controls of BPD buildings and the OIT data center and noted that security guards, video cameras, badge readers, displayed badges by employees, and locked doors were in place and in operation to restrict access.

3. Observed persons entering BPD buildings and noted that persons were required to place any materials, packages, bundles, etc. onto an x-ray machine, and additionally were required to pass through a walkthrough metal detector.

4. Observed persons entering BPD buildings and noted that an activation of the walkthrough metal detector resulted in further screening by the security guard, utilizing a handheld metal detector to identify the source of activation.

5. Observed entrants swipe their badges into the access control system and noted that the control system granted access to authorized personnel.

6. For a selection of personnel granted data center access, inspected supporting documentation and determined that access badges were issued to personnel with a completed background check and fingerprinting.

7. Observed employees within the BPD buildings and noted that badges were displayed.

8. Inspected the data center access list and compared to a list of separated employees and determined that separated employees were removed from the badge reader system.

9. Inspected a list of employees with card key access to the data center and tape storage room from the card security system and an organizational chart showing employees requiring access to the data center and tape storage room and determined that physical access to the OIT data center was restricted to authorized employees only.

10. For a selection of employees and contractors granted access to the data center during the examination period, inspected the iET record for the access granted and determined that access was approved by the data center manager.

11. Inspected permissions to access the PACS badge system of BPD security management, and determined that access permissions to the physical access systems were commensurate with job responsibilities.

12. For a selection of months, inspected evidence of the monthly review of violation logs and determined that a review to identify unauthorized access attempts was performed. We determined that there were no violations for the selections and follow-up was not required.

13. For a selection of dates, inspected visitor logs and determined that visitor logs were reviewed by OIT management.

14. For a selection of days, inspected shift logs and determined that an inventory of vendor badges was performed.

15. Inspected documentation of the monthly review of physical access privileges to the data center and determined that access privileges were reviewed.

16. Inspected documentation of the annual recertification of physical access privileges to the data center and determined that access privileges were recertified.

No exceptions noted.

Control Objective 5 – Logical Access

Controls provide reasonable assurance that logical access to system and application software is restricted to authorized individuals.

Description of Controls

BPD has guidelines for the preparation of security plans for applications and systems that process Sensitive but Unclassified information. All mission-critical systems and general support systems are subject to an internal risk-based review every three years. This review identifies assets and possible threats to these assets, provides a measure of vulnerability of the system to these threats, and confirms control or protective measures are in place.

The InvestOne accounting system is classified as a mission-critical system.

InvestOne accounting system security along with the host mainframe’s security package controls access to the InvestOne accounting system. InvestOne accounting system security restricts access to accounts within the system based on user banks and user identification (UID). InvestOne accounting system access is restricted to authorized personnel. The security settings are also used to restrict OIT personnel’s access to system software, data files, and program libraries.

FedInvest is a web-based user interface through which users have access to enter transactions into and view InvestOne accounting system data.
External users are limited to accessing InvestOne accounting system data through FedInvest. External users that invest in Government Account Series (GAS) securities are able to connect to FedInvest over the Internet to input transactions into the InvestOne accounting system as well as to view account statements and transaction information.

Administrator access permissions are allocated to FedInvest and InvestOne accounting system users commensurate with their job responsibilities.

OPDA follows BPD system administration security password guidelines/procedures to establish and maintain passwords.⁹ Passwords are not displayed when entered. The reserved word feature is enabled to prevent the use of commonly used words in passwords.

Information System Security Representatives (ISSRs) manage access to the InvestOne accounting system. Users must complete and submit an Access Request/Revoke Form to the Division of Federal Investments (DFI), which approves the form and forwards it to DSPS before access is granted. DFI personnel authorize the form and forward it to OPDA ISSRs to process the request. DSPS has documented procedures for granting access. Modifications to user accounts require use of the same Access Request/Revoke Form.

External users must have their supervisor’s approval along with DFI approval documented on an Access Request/Revoke Form before access is granted to FedInvest. When an external user accesses InvestOne accounting system data, they enter a user ID and password into FedInvest. User IDs are authenticated by a security utility.¹⁰ If the required authentications failed, the user would be prevented from accessing InvestOne accounting system data through FedInvest.

ISSRs remove FedInvest and InvestOne accounting system access from users at the request of their managers/supervisors or FIB personnel.
Each access removal request is documented on an Access Request/Revoke Form.

On a routine basis, an ISSR reviews Internal Violations Reports for any inappropriate activity; follow-up is noted on the report.

Additionally, on a periodic basis an ISSR reviews a report of all InvestOne accounting system user IDs that have not been used to access the InvestOne accounting system within a predetermined number of days.¹¹ The ISSR follows up with any affected users by email or by phone.

Additionally, OPDA recertifies access to mission critical systems by verifying access privileges for all InvestOne accounting system and FedInvest users. DSPS ISSRs remove or modify any user IDs or access privileges identified for deletion or changes by the user’s manager/supervisor or DFI personnel when accompanied by a revoke form.

⁹ These guidelines require passwords to be at least 8 characters in length, changed every 30 days for ACF2 and every 90 days for LDAP, and unique for each individual.

¹⁰ BPD's standard authentication utility, BPDLogin, is used to authenticate users. User credentials are stored in BPD's enterprise directory.

¹¹ A list of InvestOne users that have not logged into InvestOne in 45 days or more is reviewed monthly.

Complementary Fund Agency Controls

Program Entities should establish controls to:

• Ensure that access to FedInvest is restricted to properly authorized individuals.

Tests of Operating Effectiveness and Results of Testing

1. Inspected the relevant Certification and Accreditation (C&A) of the InvestOne accounting system and FedInvest systems and determined that the system had been authorized to operate.

2. Inspected the InvestOne accounting system and FedInvest risk assessment and determined that a risk assessment was performed.

3. Inspected the InvestOne accounting system and FedInvest security plan and determined that the plan was documented.

4. Observed a user log into the InvestOne accounting system and the FedInvest system and noted that their access was restricted in accordance with the system configuration.

5. For each InvestOne accounting system user, compared access granted to an OPDA Organization Chart and determined that access privileges were commensurate with job responsibilities.

6. Inspected security guidelines and procedures for administrator privileges for the InvestOne accounting system and FedInvest and determined that security guidelines and procedures were documented for the administrator privileges.

7. Inspected a list of users with administrator access privileges to InvestOne accounting system and FedInvest and determined that access was limited commensurate with job responsibilities.

8. Inspected an OPDA Organizational Chart and determined that administrator access was commensurate with job responsibilities.

9. Inspected security password guidelines and procedures for InvestOne accounting system and FedInvest and determined that password parameters were documented.

10. Inspected password settings for InvestOne accounting system and FedInvest and determined that password length, complexity, and expiration settings were configured in accordance with BPD requirements.

11. Observed a user log into InvestOne accounting system and FedInvest and noted that their password was masked as they entered it.

12. For a selection of new InvestOne users, inspected documented user access request forms and determined that access was authorized by FIB and the user’s supervisor.

13. For a selection of new FedInvest users, inspected documented user access request forms and determined that access was authorized by FIB and the user’s supervisor.

14. Inspected a list of all separated and transferred BPD employees and lists of InvestOne accounting system and FedInvest user IDs and determined that access to InvestOne accounting system and FedInvest had been revoked for terminated and transferred BPD employees.

15. For a selection of weeks, inspected reports listing InvestOne accounting system security administrator actions entered into the system and determined that the reports were reviewed by an ISSR and any exceptions were followed up.

16. For a selection of weeks, inspected ACF2 InvestOne accounting system audit log reports and evidence of review, and determined that the reports were reviewed by an ISSR and any exceptions were followed up.

17. For a selection of months, inspected evidence of review and removal of inactive accounts and determined that inactive user accounts were reviewed and removed on a monthly basis.

18. Inspected documentation of the review and recertification of internal InvestOne accounting system and FedInvest user access and determined that internal InvestOne accounting system and FedInvest user access were reviewed and recertified.

19. For a selection of external FedInvest users, inspected documentation of the review and recertification of external FedInvest user access and determined that external FedInvest user access was reviewed and recertified.

20. For a selection of user account recertification reviews requesting removal of user access privileges, inspected InvestOne accounting system and FedInvest user lists, and determined that requested modifications were made.

No exceptions noted.

Control Objective 6 – Computer Operations

Controls provide reasonable assurance that computer processes are scheduled appropriately and deviations are identified and resolved.

Description of Controls

The InvestOne accounting system is an interactive mainframe system with master data files that are updated when entries are posted. End-of-day processes perform maintenance to the data files and data backups. OIT support personnel complete the Production Control Daily Checklist to verify the successful completion of end-of-day processes. Data entry error checking and input screen designs help ensure that the data entered by the users is accurate and complete. The error checks include verification of entered data based on predetermined values and ranges. Errors detected by the system are rejected immediately and must be corrected before the transaction is permitted to update the master data tables.

Daily user operations procedures are posted for the InvestOne accounting system to provide operators with the information necessary to sequentially complete daily processing. Additionally, a monthly calendar is posted that highlights the daily requirements. The InvestOne accounting system configuration requires that daily reporting be performed in sequence before transaction processing can begin. OIT completes the Production Control Monthly Checklist to verify the successful completion of end-of-month processes.

The mainframe job scheduler software controls the scheduling of batch jobs for the InvestOne accounting system.
The job scheduler allows all programs for batch processing, printing and data\nbackup to be scheduled and performed automatically. Access to the job schedules is limited to\nOIT support personnel and privileges are commensurate with job responsibilities. The job\nscheduler sends messages confirming successful completion of each day\xe2\x80\x99s scheduled jobs to OIT\nand DSPS. Any abends are also communicated to the appropriate OIT and OPDA personnel as\nthey happen through automated messages. Abends are resolved and jobs are restarted as\nnecessary through the job scheduler.\n\nTests of Operating Effectiveness and Results of Testing\n\n1. For a selection of dates, inspected Production Control Daily Checklists and determined that\n   the checklists were used during processing.\n\n2. Observed transactions entered into the InvestOne accounting system and determined that\n   error checking edits prevented users from entering values of the wrong data type or values not\n   on lookup lists.\n\n3. Inspected posted daily user operations for InvestOne accounting system and FedInvest, the\n   FIB Daily Procedures, and the monthly requirements calendar and determined that these\n   schedules and procedures were available.\n\n4. For a selection of months, inspected Production Monthly Checklists and determined that the\n   checklists were used during month-end processing.\n\n5. Inspected the InvestOne accounting system job schedule and determined that a job production\n   schedule for the InvestOne accounting system was documented.\n\n\n\n\n                                               36\n\x0c6. 
Inspected privileges of individuals granted access to make modifications to schedules and job
   control language for production jobs in the mainframe job scheduler and inquired of
   management regarding job responsibilities, and determined that access privileges were
   limited commensurate with job responsibilities.

No exceptions noted.

Control Objective 7 – Network Performance Monitoring

Controls provide reasonable assurance that network performance monitoring techniques are
implemented appropriately.

Description of Controls

Users must be connected to the BPD network to access the InvestOne accounting system.
Additionally, they must run terminal emulation software to connect to the mainframe
environments. Network performance and availability are monitored by OIT at all times. 12

Tests of Operating Effectiveness and Results of Testing

1. Observed OIT Command Center staff and noted that monitoring tools were used to monitor
   the performance and availability of BPD networking equipment, such as switches and
   firewalls.

2. Observed OIT Command Center staff and noted that tools were used to monitor the
   performance and availability of the FedInvest website.

3. Inquired of management and were informed that the OIT Command Center was staffed 24
   hours a day.

No exceptions noted.

12 Using the following utilities:
A combination of monitoring tools (ManageEngine OP Manager and HP Sitescope) is used to monitor networking equipment such as
switches and firewalls.
These tools automatically report any network equipment or application outages to the Network Operations
Center.

TRUST FUNDS MANAGEMENT PROCESSING CONTROLS

Control Objective 8 – Procedures

Controls provide reasonable assurance that management has defined, documented, and
communicated procedures associated with operational areas within the Trust Funds Management
Branch (TFMB).

Description of Controls

The purpose of each trust fund is to account for assets for specific programs directed by the
Program Entities, pursuant to specific enabling legislation that created and continues to authorize
the operation of each specific trust fund. The Secretary of the Treasury, through the Fiscal
Assistant Secretary, is responsible for processing certain trust fund activity and reporting this
activity.

TFMB services the trust funds in accordance with established laws, fiscal and other Treasury
policies that govern the trust funds. TFMB’s responsibilities include establishing accounting
records, processing transactions, determining the timing and condition of transactions,
maintaining reference files, and recording adjustments. TFMB records transactions based on
information provided by FMS, Program Entities, and other organizations.

TFMB has defined and communicated procedures regarding the trust fund operations in Standard
Operating Procedures (SOP) manuals. The SOP manuals provide guidelines for processing
transactions including receipts, investments, redemptions, investment income, and disbursements.

Additional reference materials including Federal Government accounting standards; U.S.
Standard General Ledger (USSGL) accounting and reporting requirements; and Treasury-wide
and BPD-wide accounting and reporting policies are readily available in electronic format on the
Internet.
In addition, the SOP manuals provide guidelines for records maintenance and periodic
reporting. The SOP manuals are maintained electronically and include electronic links to the
additional reference materials listed above. TFMB employees with access to the TFMB directory
have the ability to read the SOP manuals. Access to revise the SOP manuals, which are password
protected, is restricted to only the TFMB employees that have been approved by management.

Tests of Operating Effectiveness and Results of Testing

1. Inspected SOP manuals and observed operational areas and determined operational areas
   were operating in accordance with procedures.

2. Inquired of TFMB trust fund managers and inspected the SOP manuals online and
   determined the SOP manuals were available for TFMB trust fund managers’ reference.

3. Inspected the SOP manuals online and determined that the SOP manuals were stored in a
   read-only format.

No exceptions noted.

Control Objective 9 – Receipts Processing

Controls provide reasonable assurance that receipt transactions are authorized, processed, and
recorded accurately in the proper fiscal year.

Description of Controls

TFMB has documented policies and procedures for staff to follow for the processing of receipt
transactions.

All Trust Funds Except the Unemployment Trust Fund

Office of Tax Analysis (OTA), Internal Revenue Service (IRS), Customs and the Program
Entities determine the trust fund receipts. The receipts primarily include:

    •   Excise taxes – Treasury’s OTA estimates the monthly excise taxes based on
        projected excise tax receipts and sends the estimate to Treasury Financial
        Management Service (FMS) and TFMB.
        On two specified work days of each
        month, FMS issues a warrant (SF-1017) to increase the respective trust fund’s
        account, with each warrant containing exactly half of the OTA estimated monthly
        excise taxes. FMS sends TFMB email notification that the warrants have been
        processed in Central Accounting and Reporting System (CARS). TFMB pulls
        the warrants from CARS and agrees the warrants to the estimates received from
        OTA. At the end of each calendar quarter the IRS certifies the excise taxes
        actually collected and sends the certification to FMS. The IRS generally certifies
        excise taxes within two quarters after the taxes are estimated (i.e., 1st quarter
        estimate is certified in the 3rd quarter). FMS calculates the excise tax adjustment
        as the difference between the excise taxes estimated by OTA and excise taxes
        certified by the IRS. FMS enters a warrant in CARS to increase or decrease the
        respective trust fund’s account and sends TFMB email notification that the
        warrants have been processed in CARS. FMS also faxes the adjustment
        documentation prepared by the IRS to TFMB. TFMB prints the warrants from
        CARS and agrees the warrants to the adjustment documentation prepared by the
        IRS. The IRS determines the amount of excise tax refunds/credits and sends the
        adjustment to TFMB to be processed.
        TFMB reports the tax adjustments received
        prior to issuance of the annual financial reports in the annual financial reports to
        which the tax adjustment relates; however, TFMB associated investment or
        redemption transactions are processed on the actual date TFMB receives the
        warrant.

    •   TFMB records tax adjustments following the process discussed above and
        processes the related investment purchase/redemption when recorded the day the
        tax adjustment information is received. In addition, for adjustments received
        after September 30, the trust fund manager also reviews the tax adjustments to
        identify adjustments that relate to the prior fiscal year. And for those adjustments
        that do relate to the current fiscal year, the trust fund manager reviews the tax
        adjustments received after September 30 to identify tax adjustments that relate to
        the prior fiscal year. For tax adjustments that relate to the prior fiscal year, the
        trust fund manager enters the tax adjustment into InvestOne (i.e., adjusts tax
        revenue and tax receivable/payable) and provides the tax adjustment supporting
        documentation to the reviewing trust fund manager. The reviewing trust fund
        manager compares the tax adjustment supporting documentation to InvestOne to
        ensure that the tax adjustment is properly recorded (i.e., tax revenue and tax
        receivable/payable) and documents approval on the tax adjustment
        documentation.

    •   Oil Spill Drawbacks – Monthly, the U.S. Customs Department submits to FMS a
        Statement of Transaction report (SF-1220) which charges the Oil Spill Liability
        Trust Fund for claims made by oil importers on excise tax charges. TFMB
        receives a copy of the SF-1220 from the U.S.
        Customs Department via email and
        records a negative receipt to reduce excise taxes in the Oil Spill Liability Trust
        Fund for these claims.

    •   Federal Insurance Contribution Act (FICA) and Self-Employment Contribution
        Act taxes (SECA) – Amounts equivalent to 100 percent of FICA and SECA
        taxes are designated to be transferred to specified trust fund accounts. Treasury’s
        OTA estimates the monthly taxes, determines the amounts to be transferred to the
        appropriate trust funds, and sends the estimate to FMS. FMS sends TFMB the
        daily FICA and SECA tax deposit information. TFMB allocates the deposits to
        the appropriate trust funds based on the monthly OTA estimates and provides the
        investment amounts to FMS. FMS confirms the investment totals back to TFMB
        and prepares the tax warrant. After each month-end, TFMB agrees the daily
        warrants to the amounts reported by FMS on the CARS Account Statement for
        each trust fund. Estimated tax collections are adjusted in subsequent transfers to
        the amount of actual tax receipts certified by the IRS and the respective Program
        Entities.

    •   Customs Duties – The Department of Homeland Security’s (DHS) Customs and
        Border Protection’s Office of Border Patrol notifies TFMB monthly of actual
        receipts collected and deposited in the Sport Fish Restoration and Boating Trust
        Fund and Harbor Maintenance Trust Fund. On the first workday of the month,
        Customs notifies TFMB of the actual amounts for the previous month by sending
        TFMB a fax.

    •   Fines, penalties, and cost recoveries – Collected fines, cost recoveries, and
        penalties are transferred from the collecting agencies directly to the trust funds’
        accounts. The collecting agencies fax notification of the receipts to TFMB.
        In
        most cases, the notification is also mailed by the collecting agency to TFMB.

    •   Civil penalties and damages – Agencies mandated to collect civil penalties and
        fines for deposit into a specific trust fund send TFMB a letter or
        Intragovernmental Payment and Collection (IPAC) transaction report. These
        documents list the civil penalties and damages that are collected and the 3
        percent administrative cost to be reimbursed to the trust fund. TFMB prepares a
        separate letter requesting the collected penalties and damages, and the
        administrative fee withheld by the Federal agency and sends the letter to FMS.
        FMS issues a warrant to TFMB via CARS.

    •   Appropriations – Certain Program Entities receive annual appropriations to fund
        payments to the trust funds in accordance with legislation. The Program Entities
        process the transfer via the IPAC system to allocate the funds to the proper trust
        funds. TFMB receives the IPAC transaction report from the FMS GOALS
        system.

    •   Donated revenue – Donated revenue represents gifts from individuals. TFMB
        receives receipt reports from Program Entities throughout the month.

    •   Transfers in from program agencies – Transfers are the result of IPAC or SF
        1151 Non-Expenditure Transfers that TFMB receives from Program Entities.

    •   Collected premiums and Federal matching funds – Amounts withheld from
        Social Security beneficiary checks and the related Federal matching funds are
        transferred by the Program Entities to the appropriate trust funds using the
        SF-224 and the IPAC system.
        TFMB receives the daily receipt reports from the
        Program Entities and the IPAC transaction report from the FMS GOALS system.

TFMB submits, via TRS/CARS, a CTA/SF-224 Statement of Transaction report for certain
transactions, which posts to the central accounting system (STAR), and the appropriate Trust
Fund accounts are adjusted for the refunds/credits.

TFMB processes receipt notifications received prior to 3:00 pm EST the day they are received
and the next business day if the notifications are received after this deadline. Using the receipt
documentation noted above, the trust fund manager: 1) enters the receipts into the InvestOne
accounting system; 2) prepares an Investment/Redemption Request (IRR) based on the daily
activity; 3) enters the IRR into FedInvest system, which processes the investment purchase,
records the investment in InvestOne, and generates a confirmation; 4) prints the investment
confirmation; and 5) provides the receipt supporting documentation along with the IRR (for
non-daily investments) and investment confirmation to the reviewing trust fund manager.

The trust fund manager compares the transaction from InvestOne (i.e., the Cash Forecasting
Report) to the transaction documentation (i.e., Treasury warrants, excise tax receipts, FICA and
SECA tax deposits, agency program letters, reports, or fax notifications, IPAC documents, or
SF-1151 Non-Expenditure Transfers) and investment confirmation to ensure that the transaction is
properly recorded and classified. The trust fund manager documents completion of the
comparison by signing the DTSP.

The reviewing trust fund manager reviews the supporting documentation to ensure that the
receipts are authorized by legislation, received from the appropriate Program Entities, and do not
contain any obvious errors.
The reviewing trust fund manager also compares the receipt
supporting documentation to InvestOne, the IRR (for non-daily investments), and investment
confirmation to ensure that the receipt is properly recorded and documents approval on the DTSP.
The reviewing trust fund manager returns the supporting documentation to the trust fund
manager.

The Unemployment Trust Fund (UTF)

The primary receipts for the UTF are as follows:

    •   Federal unemployment taxes – The Federal unemployment taxes fund the
        Employment Security Administration Account established pursuant to Title IX,
        section 901(a), of the Social Security Act. This account funds administrative
        expenses of the UTF and provides intra-fund transfers to the other Federal
        accounts within the UTF. The Budget Reports Division of FMS prepares
        warrants based on collections reported to FMS through CA$HLINKII. The
        warrants are forwarded to TFMB.

    •   Federal Employees Compensation Act (FECA) accounts receivable – Federal
        agencies make payments on FECA accounts receivable pursuant to Title IX,
        section 909, of the Social Security Act to fund unemployment benefits for former
        Federal civilian and military personnel. Federal agencies make payments to the
        Department of Labor using the IPAC System. The Department of Labor receives
        IPAC transactions, maintains the FECA accounts receivable, and deposits
        collections in the UTF via CTA/SF-224.

    •   State unemployment taxes – TFMB established 53 separate Unemployment
        Insurance (UI) book accounts for the States, the District of Columbia, Puerto
        Rico, and the Virgin Islands.
        Daily, these Program Entities use FEDWIRE to
        transfer deposits from local banks to the Federal Reserve Bank in New York to
        the UI book accounts. These deposits are summarized on a SF-215 Deposit
        Summary form (SF-215) by Pittsburgh National Corporation (PNC). The
        Federal Reserve Bank in New York accesses CA$HLINKII, a Treasury on-line
        system in which deposit and withdrawal information is maintained at the detail
        and summary level, and uploads the deposit information into the UTF activity
        location code. The trust fund manager retrieves the amount of the Program
        Entity unemployment tax receipts through read-only access to CA$HLINKII.

    •   Deposits by the Railroad Retirement Board – Each day TFMB checks for any
        Railroad Retirement Board receipt reports forwarded from the Railroad
        Retirement Board to be included in the Railroad Unemployment Insurance and
        Administration Accounts. TFMB agrees the receipts from the receipt report to
        the amounts reported by the Railroad Retirement Board on the CTA/SF-224.

The trust fund manager processes receipts received prior to 3:00 pm EST the day they are
received and the next business day if the receipts are received after 3:00 pm EST.
The trust fund
manager: 1) enters the receipts into InvestOne; 2) prepares an IRR based on the daily activity; 3)
enters the IRR into FedInvest, which processes the investment purchase, records the investment
in InvestOne, and generates a confirmation; 4) prints the investment confirmation; and 5)
provides the receipt supporting documentation along with the IRR and investment confirmation to
the reviewing trust fund manager.

The trust fund manager compares the transaction as recorded within InvestOne to the transaction
documentation (i.e., Automated Standard Application for Payments System (ASAP) reports,
CA$HLINKII reports, letters from the Program Entities and IPAC reports) to ensure that the
transaction is properly recorded and classified. The trust fund manager documents completion of
the comparison by signing the DTSP.

The reviewing trust fund manager reviews the supporting documentation to ensure that the
receipts are authorized by legislation, are received from the appropriate Program Entities, and do
not contain any obvious errors. In addition, the reviewing trust fund manager compares the
receipt supporting documentation to InvestOne, the IRR, and investment confirmation to ensure
that the receipt is properly recorded and approves the DTSP.

Complementary Program Entity Controls

Program Entities should establish controls to:

•   Verify that only authorized receipts are deposited into the trust funds.

•   Determine and approve receipt amounts.

•   Provide receipt information to TFMB within the required time frames.

•   Review the monthly financial reports provided by TFMB to ensure that receipts are posted
    accurately.

Tests of Operating Effectiveness and Results of Testing

1.
Inspected documented SOPs and observed the trust fund managers and reviewing trust fund
   managers process receipts and determined that receipt transactions were processed in
   accordance with the procedures.

2. For a selection of receipts processed, inspected supporting receipt documentation and IRRs
   and determined that the receipts were documented and authorized.

3. For a selection of receipts processed, inspected supporting receipt documentation, IRR, Cash
   Forecasting Report, investment confirmation, and the InvestOne accounting system and
   determined that the receipts were reviewed and approved by the trust fund manager and that
   the receipts were processed and recorded accurately in the proper period.

4. For a selection of tax adjustments processed subsequent to year end (i.e., September 30,
   2011), inspected the tax adjustment supporting documentation and the InvestOne accounting
   system and determined that the tax adjustments were reviewed and approved by the trust fund
   manager and that the tax adjustments were processed and recorded accurately in the proper
   period.

No exceptions noted.

Control Objective 10 – Investment Purchase Requests

Controls provide reasonable assurance that investment requests are authorized, processed, and
recorded accurately in the proper period.

Description of Controls

TFMB has documented policies and procedures for staff to follow for the processing of
investment requests.

Pursuant to the trust funds’ enabling legislation, TFMB invests the portions of the trust funds’
assets that are not necessary to meet current withdrawals. In accordance with legislation, TFMB
purchases non-marketable Treasury securities that are held in the name of the Secretary of the
Treasury for the trust funds.
The Treasury securities are purchased and redeemed through the
Federal Investments Branch (FIB). TFMB determines the type and term of the Treasury security
to purchase based on the following factors:

    • Type of security allowed by legislation
    • Division of Federal Investment’s guidelines for investing
    • Discussions with Program Entities to determine their expected future cash flow
      needs
    • Guidance issued by the Office of Fiscal Assistant Secretary

TFMB purchases securities using the FedInvest system that is maintained by FIB and OIT. For
trust funds that are invested continuously in overnight securities, InvestOne automatically
redeems and reinvests the overnight securities. The trust fund manager prints a Cash Forecasting
Report from InvestOne that displays the previous day’s overnight redemptions and current
reinvestments. The trust fund manager compares the reinvestments (i.e., “Buy” transactions) to
the previous day’s maturity to verify that they net to zero, investigates and resolves any
differences, and forwards it to the reviewing trust fund manager. The reviewing trust fund
manager reviews each Cash Forecasting Report and documents approval by signing the DTSP.

For all other trust funds, the trust fund manager determines the amount to invest by inspecting the
Cash Forecasting Report from the InvestOne accounting system. The Cash Forecasting Report
summarizes the daily receipts and disbursements that have been posted within InvestOne.

To purchase an investment, the trust fund manager prepares and enters the investment request
into FedInvest and FedInvest generates an on-line Investment Confirmation.

Certificate of Indebtedness (C of I) par value securities have a maturity date of June 30th. In
accordance with Treasury fiscal policy, FIB automatically reinvests the par value securities upon
maturity.
On the maturity date, InvestOne processes the maturity automatically and FIB
manually processes the reinvestment into InvestOne. The corresponding confirmations are
available in FedInvest.

For certain other selected investment requests, the trust fund manager manually prepares and
provides the IRR to FIB. FIB enters the investment into FedInvest.

Upon entry of the transaction into FedInvest, an on-screen confirmation of the transaction is
presented to the purchaser.

The trust fund manager compares the IRR investment type, amount, purchase date, and maturity
date to the Investment Confirmation. After investigating and resolving any differences, the trust
fund manager approves the IRR and the Investment Confirmation. The trust fund manager
provides the IRR, Investment Confirmation, the Cash Forecasting Report, and the
receipt/disbursement source documentation to the reviewing trust fund manager.

The reviewing trust fund manager inspects the IRR, the Investment Confirmation, the Cash
Forecasting Report, and the receipt/disbursement source documentation to ensure that the proper
amount was invested, to confirm that the trust fund manager purchased an authorized investment,
and to ensure that the investment amount and timing are consistent throughout all of these
documents. The reviewing trust fund manager documents their approval on the DTSP.

Complementary Program Entity Controls

Program Entities should establish controls to:

•   Verify that the type and term of the investments purchased are appropriate in relation to
    expected cash flow needs.

Tests of Operating Effectiveness and Results of Testing

1. Inspected SOPs and observed the trust fund managers and reviewing trust fund managers
   process investment requests and determined that the investment requests were processed in
   accordance with the procedures.

2.
For a selection of investment purchases, inspected the Investment/Redemption Requests, the
   Investment Confirmation, Cash Forecasting Report, supporting receipt/disbursement
   documentation, and the InvestOne accounting system and determined that the investment
   transactions were documented, authorized in accordance with legislation, and processed and
   recorded accurately and in the proper period.

3. For a selection of investment purchases, inspected the Investment/Redemption Requests and
   the Investment Confirmation and determined that the reviewing trust fund manager reviewed
   and approved the investment purchases.

4. Observed and noted a trust fund manager enter a selection of investment purchases into
   FedInvest, inspected the on-screen confirmations received by TFMB and determined that
   on-screen confirmations confirmed the successful recording of the investment purchase into
   FedInvest and InvestOne.

5. For a selection of days, inspected the cash forecasting report from trust funds that invest
   continuously in overnight securities and determined that a TFMB trust fund manager
   performed a comparison of the reinvestment to the previous day’s maturity, that the trust fund
   manager signed the DTSP, that the reviewing TFMB trust fund manager reviewed and signed
   the DTSP, and that any differences were resolved.

No exceptions noted.

Control Objective 11 – Investment Income

Controls provide reasonable assurance that investment income, amortization and gains or losses
are processed and recorded accurately in the proper period.

Description of Controls

TFMB has documented policies and procedures for staff to follow for the processing of
transactions related to investment income, amortization, and gains/losses.

Interest Payments Received

The trust funds receive interest daily for one-day securities, semi-annually on
June 30 and
December 31 for par value (C of I’s) and semi-annually at various dates for market-based bonds
and notes. The market-based bills do not make periodic interest payments; therefore, interest
income is equal to the purchased discount, which is received when the securities mature or are
redeemed. Interest received is a receipt to the trust funds and is either used to meet a Program
Entity’s disbursement request or is reinvested.

At the time an investment purchase is recorded, the investment terms (i.e., cost,
discount/premium, interest rate, issue date, maturity date, amortization/accretion method,
payment frequency, payment month and day, and first coupon date) are established based on the
security purchased. InvestOne automatically calculates and records interest income based on the
investment terms in the system.

Accrued Interest Receivable

Accrued interest receivable is recorded by TFMB for accounts that hold notes or bonds. One-day
securities mature on the next business day and therefore generally do not accrue interest. For
one-day securities purchased on Friday, interest accrues until the date of maturity.

At the time an investment purchase is recorded, the investment terms (i.e., cost,
discount/premium, interest rate, issue date, maturity date, amortization/accretion method,
payment frequency, payment month and day, and first coupon date) are entered into InvestOne by
FIB. InvestOne automatically calculates and records interest accruals based on the corresponding
investment terms.
The trust fund manager and reviewing trust fund manager review the interest
balances on the monthly trial balance reports for reasonableness and to ensure that the interest
balances are properly recorded and classified and document approval on the monthly financial
review checklist.

Discount/Premium

TFMB purchases non-marketable market-based bills at a discount and non-marketable
market-based bonds and notes at a discount or premium.

At the time an investment purchase is recorded, the investment terms (i.e., cost,
discount/premium, interest rate, issue date, maturity date, amortization method, payment
frequency, payment month and day, and first coupon date) are entered into InvestOne. InvestOne
automatically calculates and records amortization of discount/premium based on the
corresponding investment terms. InvestOne calculates amortization for bills (i.e., short-term
securities) using the straight-line method and for bond/notes (i.e., long-term securities) using the
level yield method that approximates the interest method.

On a monthly basis, the trust fund manager and reviewing trust fund manager review the trial
balance report, which lists amortization of discounts and premiums, compare it to the
financial report, and document approval on the monthly financial review checklist.

Gains and Losses

Gains and losses may occur each time a market-based security is redeemed prior to maturity.

When a security is redeemed, FedInvest processes the redemption, including the proceeds of the
redemption, into InvestOne. InvestOne calculates and records a gain or loss based on the
difference between the redemption proceeds and book value (i.e., cost plus/minus amortized
discount/premium).
The trust fund manager and reviewing trust fund manager review the
gains/losses on the monthly trial balance reports for reasonableness and to ensure that the
gains/losses are properly recorded and classified and document approval on the monthly
financial review checklist.

Complementary Program Entity Controls

Program Entities should establish controls to:

•   Verify that the type and term of the investments purchased and related investment income are
    appropriate in relation to expected cash flow needs.

Tests of Operating Effectiveness and Results of Testing

1. Inspected SOPs and observed trust fund managers and reviewing trust fund managers process
   and record interest and amortization transactions and determined that the processing was
   performed in accordance with the procedures.

2. For a selection of transactions, inspected interest, gain/loss, and amortization documentation,
   inspected the InvestOne accounting system, and determined that transactions were
   documented, mathematically accurate, processed and recorded accurately and in the proper
   period.

3. For a selection of months, inspected the monthly financial review checklist and the monthly
   trial balance and determined that the trust fund managers reviewed the interest balances for
   reasonableness.

4.
For a selection of months, inspected the monthly financial review checklist, amortization\n   report, trial balance report, and financial report, and determined that the trust fund managers\n   completed the reconciliations.\n\nNo exceptions noted.\n\n\n\n\n                                                 48\n\x0cControl Objective 12 \xe2\x80\x93 Investment Redemption Requests\n\nControls provide reasonable assurance that redemption requests are authorized, processed, and\nrecorded accurately in the proper period.\n\nDescription of Controls\n\nTFMB has documented policies and procedures for staff to follow for the processing of\nredemption requests.\n\nInvestments are redeemed primarily when the Program Entities request transfers from the trust\nfunds. For trust funds that invest in market-based securities, the trust fund manager nets the\nreceipts, investment maturities, and the disbursements. If the net result is a reduction, a\nredemption request is prepared. If the net results in an increase, an investment request is\nprepared. (See Control Objective 10) For trust funds that invest in par value securities, the trust\nfund manager generally invests receipts and redeems investments for disbursements as separate\ntransactions.\n\nWhen redeeming a market-based security, the trust fund manager generally selects the security\nwith the earliest maturity date. When redeeming a par value security, InvestOne selects the\nsecurity in the following order: earliest maturity date, lowest prevailing interest rate, and first\nsecurity in first security out.\n\nTFMB redeems securities by completing the request in FedInvest, which is maintained by FIB\nand OIT. 
To redeem a security, the trust fund manager completes the following steps:

    •   The trust fund manager prepares the IRR.
    •   The trust fund manager enters, reviews and submits the redemption request in
        FedInvest, which processes the redemption request and prepares an on-line
        Redemption Confirmation.

For redemptions on non-business days, June 30 rollovers, and other selected redemption requests,
the trust fund manager manually prepares the IRR and provides a copy to FIB. FIB manually
executes the redemption in InvestOne.

C of I par value securities have a maturity date of June 30th. In accordance with Treasury fiscal
policy, FIB automatically reinvests the par value securities upon maturity. On the maturity date,
InvestOne processes the maturity automatically and FIB manually processes the reinvestment into
InvestOne. The corresponding confirmations are available in FedInvest.

Market-based securities have various maturity dates. On the maturity date, InvestOne processes
the maturity and creates a confirmation, which is made available in FedInvest.

The trust fund manager provides the Redemption Confirmation and the IRR to the reviewing trust
fund manager. The reviewing trust fund manager compares the investment type, amount,
redemption date, and the maturity date from the Redemption Confirmation to the IRR to verify
that the redemption was authorized and that the redemption amount and timing are consistent
throughout these documents. Any differences are investigated and resolved. The reviewing trust
fund manager documents approval on the DTSP.

Tests of Operating Effectiveness and Results of Testing

1. Inspected SOPs and observed the trust fund managers and reviewing trust fund managers
   process and record redemption transactions and determined that the transactions were
   processed in accordance with the procedures.

2. For a selection of redemption transactions, inspected the Redemption Confirmation, the IRR,
   and the InvestOne accounting system and determined that the transactions were documented,
   reviewed, and approved by the reviewing trust fund manager and processed and recorded
   accurately in the proper period.

No exceptions noted.

Control Objective 13 – Disbursement Processing

Controls provide reasonable assurance that withdrawals/disbursements are authorized, processed,
and recorded accurately in the proper period.

Description of Controls

TFMB has documented policies and procedures for staff to follow for the processing of
disbursements.

All Trust Funds

Disbursements primarily consist of transfers to Program Entities, administrative expenses, and
interest penalties under the Cash Management Improvement Act. The Program Entities are
responsible for verifying that the disbursement is in compliance with legislation, determining the
amount of the disbursements, and requesting the disbursements.

The Program Entities initiate disbursement requests via fax, IPAC reports, email, or telephone
calls to the respective trust funds manager. Each telephone request is followed by a faxed
disbursement confirmation citing the applicable legislation and signed by the appropriate
Program Entity representative. The Program Entity may also mail the disbursement confirmation
to TFMB.

TFMB processes disbursement requests received prior to 3:00 pm EST the day they are received
or on the next business day if received after this deadline. The trust fund manager records the
disbursement in InvestOne. When the disbursement confirmation is received by fax/mail, the
trust fund manager matches the confirmations to the telephone request. The trust fund manager
reviews the request to ensure that it is received from the appropriate Program Entity and does not
contain any obvious errors.
The trust fund manager also reviews the account balances to ensure
the trust fund has sufficient funds to cover the request.

TFMB uses the automated TRS/CARS system, maintained by FMS, to process non-expenditure
transfers.

FMS configured TRS/CARS to authorize TFMB to transfer funds from the trust fund accounts to
Program Entities’ accounts but not to transfer funds from Program Entities’ accounts to the trust
fund accounts.

The trust fund manager enters the transfer into the TRS/CARS system, in accordance with the
Program Entity’s instruction. TRS/CARS reflects a transfer status of “SAVED” for a transfer,
until the transfer is certified. The trust fund manager provides the transfer request documentation
to the reviewing trust fund manager.

The reviewing trust fund manager compares the disbursement request to the Non-Expenditure
Transfers TFMB Trust Fund Accounts Transaction Report from InvestOne. The reviewing trust
fund manager accesses TRS/CARS to verify that the transfer is designated to the proper entity,
then certifies the transfer request in TRS/CARS. TRS/CARS changes the transfer status to
“AGENCY CERTIFIED”. The reviewing trust fund manager documents completion on the daily
CARS Certification Package.

Another reviewing trust fund manager compares the disbursement details and amount from the
Non-Expenditure Transfers TFMB Trust Fund Accounts Transaction Report from InvestOne to a
print screen from TRS/CARS. The reviewing trust fund manager also compares all transactions
with an “AGENCY CERTIFIED” status on the print screen from CARS to the Non-Expenditure
Transfers TFMB Trust Fund Accounts Transaction Report from the InvestOne accounting system
to ensure the transactions have been properly entered.
The reviewing trust fund manager
documents his/her completion of the comparisons on the daily CARS Certification Package.

After the transfer is certified by TFMB, FMS authorizes TRS/CARS to send the disbursement
request to the STAR system using an automated interface. The STAR system transfers the funds
from the trust fund account to the agency account, and TRS/CARS changes the status of the
transfer request to “POSTED” in TRS/CARS. The trust fund manager accesses the TRS/CARS
pending transaction file to monitor the transfer status and take any necessary action to correct errors
in rejected transactions and resubmit the transfers to FMS.

The trust fund manager provides the disbursement requests (i.e., faxes, SF-1081s (Voucher and
Schedule of Withdrawals and Credits form), IPAC reports, or emails) to the reviewing trust fund
manager. On a daily basis, the reviewing trust fund manager compares disbursements from
InvestOne (i.e., the Cash Forecasting Report) to the disbursement requests to ensure the
disbursement is properly recorded. The reviewing trust fund manager documents approval on the
DTSP.

The Unemployment Trust Fund-State Unemployment Benefit Disbursements

The Program Entities (i.e., State Employment Agencies) are responsible for verifying that the
disbursements are in compliance with legislation, determining the amount of the disbursements,
and requesting the disbursements. Program Entities must submit all disbursement requests using
the Automated Standard Application for Payments (ASAP). Each day, Program Entities must
enter their disbursement requests into ASAP by 6:00 pm EST if requesting a wire transfer and by
11:59 pm EST if requesting an Automated Clearing House payment.
The Program Entities may
request a disbursement from their Unemployment Insurance (UI) account, Reed Act account, the
Extended Unemployment Compensation Account (EUCA), the Federal Employment
Compensation Account (FECA), or the Federal Additional Unemployment Compensation
Account (FAUC). A written disbursement confirmation is not required from the Program
Entities. FMS transfers funds from the trust fund account to the Program Entity’s bank account
and sends the trust fund manager the Transaction by Account ID reports.

During the morning of the next business day, ASAP transmits a file to InvestOne that contains all
of the disbursement and transfer requests. The trust fund manager reviews the InvestOne pending
disbursement and transfer requests file. The trust fund manager compares the InvestOne pending
disbursement and transfer requests report to the ASAP transaction reports.

After the trust fund manager verifies and reconciles these reports, the trust fund manager posts the
transaction to the Program Entities’ accounts within InvestOne and provides the reports to the
reviewing trust fund manager. The reviewing trust fund manager reviews and approves the
reports. Any differences are investigated and resolved.

Complementary Program Entity Controls

Program Entities should establish controls to:

•   Verify that only authorized disbursement requests are used for withdrawals from the trust
    funds.

•   Determine and approve the disbursement requests.

•   Provide disbursement requests to TFMB within the required time frame.

•   Ensure that the systems they use to support on-line access to ASAP are approved, tested, and
    properly monitored. (UTF only)

•   Restrict ASAP access to authorized individuals. (UTF only)

•   Verify that disbursement requests are accurately entered into ASAP. (UTF only)

•   Review the monthly trust fund financial reports provided by TFMB to ensure that
    disbursements are posted accurately.

•   Reconcile fund balance with Treasury from their records to FMS records to ensure that they
    receive the proper trust fund disbursements.

•   Reconcile disbursement records to their bank’s records to ensure that they receive the proper
    trust fund disbursements. (UTF only)

Tests of Operating Effectiveness and Results of Testing

1. Inspected documented SOPs and observed the trust fund managers and the reviewing trust
   fund managers process and record disbursement transactions and determined that the
   transactions were processed in accordance with the procedures.

2. For a selection of disbursement transactions, inspected the Program Entity disbursement
   requests, print screen from the TRS/CARS system, the Non-Expenditure Transfers TFMB
   Trust Fund Accounts Transaction Report, IRR and FedInvest confirmation, the InvestOne
   accounting system (e.g., Cash Forecasting Report), and the DTSP and determined that the
   transactions were documented, reviewed and approved by the reviewing trust fund manager,
   and processed and recorded accurately in the proper period.

3. For a selection of ASAP transaction reports, inspected the reconciliation from the ASAP
   transaction report to the pending transactions report in the InvestOne accounting system and
   determined that the reconciliations were completed, the transactions were processed and
   recorded accurately in the proper period, and the reviewing trust fund manager reviewed and
   approved the reconciliations.

No exceptions noted.

Control Objective 14 – Records Maintenance

Controls provide reasonable assurance that the documentation exists to support all transactions
and is filed in reference files, which are readily available.

Description of Controls

Transaction support is maintained in paper or electronic format. The supporting documentation is
organized in separate work folders for each trust fund. The key transaction records and files are
as follows:

    •   Transaction supporting documentation:
        - Receipt notification documents, such as OTA tax estimate/adjustment letters,
            IRS tax refund/credit letters, Program Entity receipt letters/reports, Deposit
            Summary Form (SF-215), and CA$HLINKII reports.
        - IPAC transaction reports
        - CTA/SF-224 worksheet generated from InvestOne
        - FMS-issued warrants (SF-1017)
        - Investment and Redemption Requests
        - Investment and Redemption Confirmations
        - Disbursement request letters from Program Entities
        - Non-Expenditure Transfer Authorization (SF-1151)
        - ASAP Transaction by Account ID reports (UTF Only)
        - ASAP disbursement and transfer request files and reports (UTF Only)
        - InvestOne pending transactions report (UTF Only)
    •   Cash forecasting report
    •   Daily Transaction Support Package
    •   Monthly financial review checklist
    •   TRS/CARS Account Statement
    •   FIB-generated Monthly Statement of Account
    •   Monthly Financial Reconciliation
    •   Financial Statement Package:
        - Trial Balance reports
        - Balance Sheet
        - Income Statements
        - FACTS II Trial Balance
        - FACTS II Adjusted Trial Balance Report
        - Schedules of Assets and Liabilities, Schedules of Activity, Schedules of
            Misstatements (Attest Schedules) – Attest Funds only
        - InvestOne to Oracle trial balance report reconciliations
        - General ledger account reconciliations
        - Budgetary to proprietary Account Reconciliations
    •   UTF Internet Account Statements (UTF only)
    •   FUA Pending Report (UTF only)
    •   ASAP transaction report (UTF only)
    •   UTF InvestOne accounting system Borrowing Reports (UTF only)
    •   FMS-2108 Year-End Closing Statement

Tests of Operating Effectiveness and Results of Testing

1. For a selection of transactions, reconciliations, and reports, inspected supporting
   documentation and determined that documentation was maintained and available.

No exceptions noted.

Control Objective 15 – Reporting

Controls provide reasonable assurance that reports provided to the Program Entities are accurate,
prepared on a consistent basis, and fairly present the information they purport to display.

Description of Controls

TFMB has documented policies and procedures for staff to follow for the generation of reports.

All Trust Funds Except the Unemployment Trust Fund

Upon completion of daily processing of receipts, disbursements and investment transactions in
InvestOne, the trust fund manager extracts and uploads the transactions into Oracle.
Each day, the trust fund manager prepares a summary reconciliation of InvestOne and Oracle
account balances, investigates and resolves any differences, and documents completion on the
reconciliation log.

At the end of the monthly processing cycle, the trust fund managers prepare the financial
statement package for each trust fund. The trust fund manager is responsible for transmission of
the financial statement package, by electronic mail to BPD Web Support for posting on the BPD
website.

The trust fund manager completes the financial reconciliation package, documents approval on
the monthly financial review checklist, and submits the package to the reviewing trust fund
manager for review and approval. The reviewing trust fund manager reviews the package and
documents approval via signature on the financial review checklist. Components of the financial
reconciliation package and procedures performed on each component by the trust fund manager
and reviewing trust fund manager are as follows:

    •   InvestOne to Oracle trial balance report reconciliations – Compare the InvestOne and
        Oracle trial balance ending balances and investigate and resolve any differences.
    •   Fund Balance with Treasury reconciliation – Prepare a reconciliation worksheet
        comparing InvestOne/Oracle trial balances to the TRS/CARS Account Statement.
        Investigate and resolve any differences.
    •   Investment reconciliation – Prepare a reconciliation worksheet comparing
        InvestOne/Oracle trial balances to FIB investment activity data.
        Investigate and resolve any differences.
    •   Accounts receivable and payable reconciliations – Prepare reconciliations of accounts
        receivable and payable balances to ensure reasonableness and consistent classification of
        transactions in InvestOne and Oracle general ledger accounts.
    •   Budgetary to proprietary reconciliations – Prepare budgetary to proprietary account
        reconciliations to ensure complete and accurate budgetary account posting for all
        recorded transactions. Investigate and resolve any erroneously posted transactions or
        out-of-balance relationships identified.
    •   Schedules of Assets and Liabilities and Schedules of Activity – Review the schedules for
        format and presentation and compare the schedules to the trial balance reports.
    •   Schedules of misstatements – Prepare a schedule outlining any identified line item
        misstatements for any report within the monthly financial statement package. The
        reviewing trust fund manager reviews the schedule of misstatements and instructs the
        trust fund manager to correct misstatements deemed material by the reviewing trust fund
        manager in the appropriate accounting period.

Once the financial reconciliation package is approved, the trust fund manager transmits the
financial statement package (i.e., the trial balance reports, schedules of assets and liabilities, and
schedules of activity) to BPD Web Support for posting on the BPD website. TFMB issues
financial statement packages prior to the completion of the monthly financial reconciliation
package.
Should the reconciliation process identify a material misstatement in the previously
issued financial statement package, TFMB corrects the misstatement, revises the financial
statement package, and transmits the revised financial statement package to BPD Web Support
for posting on the BPD website.

Unemployment Trust Fund

At the end of the monthly processing cycle, the trust fund manager provides the Department of
Labor with two files: one contains the activity for the month, and the other contains the account
balances at the end of the month. On a weekly basis, TFMB creates electronic files of the
individual UTF account statements, transaction statements, and Federal activity reports (EUCA
and FECA activity). The text reports are reviewed to ensure that the correct number of files is
included and then posted to BPD’s website.

All Trust Funds

The trust fund activity is also reported in FACTS II. FACTS II is used to consolidate all Federal
financial reporting at the agency level for the purposes of generating the annual consolidated
financial statements for the Federal Government as a whole.
The Program Entities are
responsible for entering the information into FACTS II using the reports they receive from
TFMB.

TFMB enters the information into FACTS II by completing the following steps:

    •   The trust fund manager prints and forwards the FACTS II adjusted trial balance
        report to the reviewing trust fund manager who approves the report.
    •   The trust fund manager enters the account balances into FACTS II.
    •   When reporting the FACTS II for the final quarter of the fiscal year, the final
        FACTS II adjusted trial balance report is reviewed by the approving official and
        certified in the FACTS II System.
    •   In addition, the trust fund manager and reviewing trust fund manager compare
        the FMS-2108 Year-End Closing Statement to the September 30th trial balance
        report from the InvestOne accounting system.

At the end of the month, the CTA/SF-224 worksheet is generated utilizing data from InvestOne.
The trust fund manager reconciles the non-investment receipts and disbursements from the
InvestOne CTA/SF-224 report to the CTA/SF-224 worksheet. To document completion of the
CTA/SF-224 worksheet, the trust fund manager initials and dates the CTA/SF-224 worksheet.
The reviewing trust fund manager reviews the reconciliation and documents approval on the
CTA/SF-224 worksheet.
Any differences are investigated and resolved.

Complementary Program Entity Controls

Program Entities should establish controls to:

•   Review the monthly trust fund financial reports to ensure that transactions are recorded
    accurately.

•   Review their UTF account statements, transaction statements, and Federal activity reports to
    ensure that transactions are recorded accurately.

•   Verify that transactions are recorded accurately into Federal Agencies’ Centralized Trial
    Balance System (FACTS II).

Tests of Operating Effectiveness and Results of Testing

1. Inspected SOPs and observed the trust fund manager and reviewing trust fund manager
   generate reports and determined that reports were generated in accordance with the
   procedures.

2. For a selection of months, inspected:

     ▪      Evidence of the review of the trust fund financial statement package by the reviewing
            trust fund manager and determined that: the InvestOne accounting system and Oracle
            trial balance ending balances agreed, the general ledger account reconciliations were
            prepared, the budgetary to proprietary account reconciliations were prepared, the
            Schedules of Assets and Liabilities and Schedules of Activity agreed to the trial
            balance reports, the schedule of misstatements was prepared, and the reviewing trust
            fund manager reviewed the reports for accuracy.

            •   Exception noted - KPMG noted that the Highway Trust Fund September 2011
                TFMB Oracle to InvestOne Proprietary Ending Balance Reconciliation was
                missing accounts 3310 and 5800.
                We inquired of the client, who explained
                that account 3310 was not included on the reconciliation by the preparer and was
                missed by the reviewer, and account 5800 was included on the electronic
                reconciliation but not on the printed reconciliation.

     ▪      Reconciliation of the month-end Fund Balance with Treasury from the InvestOne
            accounting system trial balance report to the CARS Account Statement and
            determined that a trust fund manager completed the reconciliations and the reviewing
            trust fund manager reviewed and approved the reconciliations as indicated on the
            monthly financial review checklist.

     ▪      Monthly reconciliations from the InvestOne trial balance to the FIB investment
            activity data and determined that the reconciliations were completed, and reviewed
            and approved by the reviewing trust fund manager, and that any differences were
            resolved.

3. For a selection of weeks, inspected evidence of the review of the individual UTF account
   statements, transaction statements, and Federal activity reports (EUCA and FECA) by the
   trust fund manager and determined that the trust fund manager reviewed the reports for
   accuracy.

4. For a selection of months, inspected the InvestOne accounting system and FACTS II trial
   balance reports for non-budgetary accounts and determined that the reports were reviewed for
   accuracy and consistency, and any differences were resolved.

5. For a selection of trust funds, inspected evidence of the review of the FMS-2108 reports to
   the trial balance reports from the InvestOne accounting system and determined that the
   reports were reviewed for accuracy and consistency.

6. For a selection of months, inspected the reconciliation of the non-investment receipts and
   disbursements from the InvestOne accounting system CTA/SF-224 report to the CTA/SF-224
   worksheet and determined that the reviewing trust fund manager reviewed the reconciliation
   and compared the total transactions from IPAC reports to the total from the CTA/SF-224
   worksheet.

No exceptions noted, except as described above.

Control Objective 16 – Unemployment Trust Fund Title XII of the Social Security Act
Advances Program

Controls provide reasonable assurance that state borrowing transactions are authorized,
processed, and recorded accurately in the proper period.

Description of Controls

TFMB has documented policies and procedures for staff to follow for the processing of the Title
XII Advance transactions.

Pursuant to Title XII of the Social Security Act, certain Program Entities may borrow funds from
the Federal Unemployment Account (FUA) when they have exhausted all available funding in
their account. The following summarizes the related borrowing, repayment, and interest
processes.

Advances to the States / Borrowing Activity

The U.S. Department of Labor (DOL) authorizes and coordinates the amounts that certain states
may borrow. For each three month authorization period, DOL sends an authorization letter to
TFMB indicating the amount that the Program Entity may borrow. During the twelve month
period ended July 31, 2012, twenty-nine states were authorized to borrow. This number is subject
to change as more states are authorized for funding. The states withdraw repayable advances
from the FUA through ASAP.

Each day, Program Entities determine the amount they want to borrow by reviewing their account
in ASAP.
Program Entities must enter their borrowing requests into ASAP by 6:00 pm EST.

During the morning of the next business day, ASAP transmits a file to InvestOne that contains all
of the borrowing transactions. The trust fund manager compares InvestOne’s FUA Pending
Report that summarizes pending borrowing requests to the ASAP transaction report.

After the trust fund manager verifies that the requested borrowing is within the authority
established by the DOL and reconciles these reports, the trust fund manager posts the transactions
to the states’ accounts within InvestOne and provides the reports to the reviewing trust fund
manager. The reviewing trust fund manager reviews and approves the reports. Any differences
are investigated and resolved.

Repayment Activity

As discussed in Control Objective 9, the Program Entities deposit unemployment tax receipts into
their UTF accounts. TFMB processes repayments from Program Entities’ accounts to the FUA as
directed by the borrowing Program Entities and the DOL. These repayment entries are reviewed
and initialed by the reviewing trust fund manager as part of the daily review of the
Unemployment Trust Fund DTSP.

Interest Terms

If a Program Entity has an outstanding loan balance at the end of the fiscal year, the Program
Entity is liable for payment of interest on the funds it borrowed during the fiscal year. Interest
owed by borrowing states is calculated in a spreadsheet that is populated from InvestOne
borrowing and repayment balances.
The trust fund manager reviews the borrowing Program
Entity account balances at year-end to ensure that interest is appropriately calculated for any state
still in borrowing status.

Complementary Program Entity Controls

Program Entities should establish controls to:

•   Ensure that the systems they use to support on-line access to the ASAP are approved, tested,
    and properly monitored. (UTF only)

•   Restrict ASAP access to authorized individuals. (UTF only)

•   Verify that borrowing requests are accurately entered into ASAP. (UTF only)

•   Verify that borrowing amounts are not in excess of the amount approved by the U.S.
    Department of Labor.

•   Review the reports provided by TFMB to ensure that borrowing, interest, and repayment
    transactions are recorded accurately.

Tests of Operating Effectiveness and Results of Testing

1. Inspected SOPs and observed the trust fund managers and reviewing trust fund managers
   process and record state borrowing transactions and determined that the transactions were
   processed in accordance with the procedures.

2. For a selection of days, inspected the Borrowing Report, ASAP transaction report, and
   authorized borrowing limits provided by DOL, and determined that the trust fund manager
   verified that the borrowing was within the authority established by DOL.

3. For a selection of days, inspected the reconciliation of the Borrowing Report to the ASAP
   transaction report and determined that the reviewing trust fund manager reviewed and
   approved the reconciliations.

4. For a selection of days, inspected a selection of ASAP transaction reports, Borrowing
   Reports, and the InvestOne accounting system and determined that the borrowings were
   processed and recorded accurately in the proper period.

5. For a selection of states authorized to borrow, inspected InvestOne accounting system reports
   and determined that the Program Entity in borrowing status did not earn any daily income
   when it was allocated.

6. For a selection of days, inspected the sign-off on the DTSP evidencing the trust fund
   manager’s review of accounts to ensure receipts were applied as repayments and determined
   that the reviews were documented.

7. Inspected documentation of the trust fund manager’s review of the borrowing Program Entity
   account balances at year-end and determined that the trust fund manager reviewed the
   accounts for the accurate calculation of interest for any state still in borrowing status.

No exceptions noted.

V.   OTHER INFORMATION PROVIDED BY THE BUREAU OF THE PUBLIC DEBT

CONTINGENCY PLANNING

System Back Up

The InvestOne accounting system has a contingency plan managed by the Division of Systems
and Program Support (DSPS). There is a formal Division of Federal Investments (DFI) Business
Continuity Plan (BCP), which is part of a larger BCP for the Office of Public Debt Accounting
(OPDA) and the Bureau of the Public Debt (BPD) Continuity of Operations Plan (COOP). The
Trust Funds Management Branch (TFMB) performs tests on all essential daily InvestOne
accounting system functions.[13]

The Office of Information Technology (OIT) performs backups of the InvestOne accounting
system on a regular schedule. OIT retains the backup tapes according to a pre-set schedule[14] at
an offsite facility. OIT stores one copy in the production tape library, and the other copy is
shipped to an offsite facility. Long-term storage of tapes is provided through a contract with an
offsite storage facility. If a backup tape needs to be restored, the request will be made from the
DSPS.
OIT will then load the backup tape.\n\nContinuity of Operations\n\nA fire alarm and sprinkler system that is managed, maintained, and tested by the building\nmanagement protects the data center 15. Sprinkler heads are located in the ceiling of each room of\nthe buildings. This is a pre-action wet pipe system with individual heads that discharge\nwater. The pre-action system is charged with nitrogen so accidental leaks or corrosion\nwill not allow the discharge of water in the data center. 16\n\nThe DFI Business Continuity Plan calls for resumption of operations and critical applications of\nessential functions within a pre-set time frame 17. The InvestOne accounting system has been\nclassified as a critical application.\n\nAs part of the DFI BCP, should the facility supporting InvestOne accounting system and\nFedInvest become unavailable, designated Trust Funds Management Branch (TFMB) personnel\nwill relocate to reestablish their daily operations. When applicable, BPD will revert to manual\nprocedures until the mainframe and InvestOne accounting system are fully recovered.\n\n\n\n\n13\n   TFMB performs emergency telework tests on all essential InvestOne functions a minimum of quarterly. The focus of these tests is to\nprovide assurances that connectivity can be made and these functions will continue with minimum interruption during any emergency\nthat may occur with or without warning.\n14\n   OIT uses IBM\'s Tape Management System to perform backups daily at 6:00 PM OIT retains the first backup for 15 days.\n15\n   Alarms are active 24 hours a day, 7 days a week, and are tied in to the local fire department over phone lines for spontaneous\nnotification.\n16\n   In the event the main building, where the InvestOne accounting system is run, becomes inoperable, mainframe operations would be\nrelocated to the BPD contingency facility in accordance with the OIT data center recovery plan. This facility employs a warm site\nstrategy for recovery of mainframe operations. 
OIT has contracted with the Financial Management Service to provide mainframe\nequipment for this site.\n17\n   4 hour time frame\n                                                                63\n\x0c'